manualshive.com logo in svg

SMC Networks 8728L2 - annexe 1, Management Manual

The SMC Networks 8728L2 - annexe 1 is a power-packed managed switch designed for efficient network management. With its comprehensive Management Manual, users can easily navigate through advanced features and configurations. Download this essential manual for free from manualshive.com to maximize the potential of your SMC Networks 8728L2 - annexe 1.

Share
Download
background image

A

CCESS

 C

ONTROL

 L

IST

 C

OMMANDS

4-117

sport

 – Protocol

2

 source port number. (Range: 0-65535)

dport

 – Protocol

2

 destination port number. (Range: 0-65535)

end

 – Upper bound of the protocol port range. (Range: 0-65535)

Default Setting

None

Command Mode

Extended ACL

Command Usage

• All new rules are appended to the end of the list.
• Address bitmasks are similar to a subnet mask, containing four 

integers from 0 to 255, each separated by a period. The binary mask 
uses 1 bits to indicate “match” and 0 bits to indicate “ignore.” The 
bitmask is bitwise ANDed with the specified source IP address, and 
then compared with the address for each IP packet entering the port(s) 
to which this ACL has been assigned.

Example

This example accepts any incoming packets if the source address is within 
subnet 10.7.1.x. For example, if the rule is matched; i.e., the rule (10.7.1.0 
& 255.255.255.0) equals the masked address (10.7.1.2 & 255.255.255.0), 
the packet passes through.

This allows TCP packets from class C addresses 192.168.1.0 to any 
destination address when set for destination TCP port 80 (i.e., HTTP).

Related Commands

access-list ip (4-114)

show ip access-list 

This command displays the rules for configured IP ACLs.

2.  Includes TCP, UDP or other protocol types.

Console(config-ext-acl)#permit 10.7.1.1 255.255.255.0 any
Console(config-ext-acl)#

Console(config-ext-acl)#permit 192.168.1.0 255.255.255.0 any 

destination-port 80

Console(config-ext-acl)#

Summary of Contents for 8728L2 - annexe 1

Page 1: ...ocking switching architecture Support for a redundant power unit Spanning Tree Protocol Rapid STP and MSTP Up to 6 LACP or static trunks CoS support for eight level priority Full support for VLANs with GVRP IGMP multicast filtering and snooping Support for jumbo frames up to 9 KB Manageable via console Telnet Web and SNMP RMON Management Guide SMC8728L2 ...

Page 2: ......

Page 3: ...38 Tesla Irvine CA 92618 Phone 949 679 8000 TigerSwitch 1000 Management Guide From SMC s Tiger line of feature rich workgroup LAN solutions October 2006 Pub 149100028400A ...

Page 4: ...ed by implication or oth erwise under any patent or patent rights of SMC SMC reserves the right to change specifications at any time without notice Copyright 2006 by SMC Networks Inc 38 Tesla Irvine CA 92618 All rights reserved Printed in Taiwan Trademarks SMC is a registered trademark and EZ Switch TigerStack and TigerSwitch are trademarks of SMC Networks Inc Other product and company names are t...

Page 5: ...ncorporates these newer technologies At that point the obsolete product is discontinued and is no longer an Active SMC product A list of discontinued products with their respective dates of discontinuance can be found at http www smc com index cfm action customer_service_warranty All products that are replaced become the property of SMC Replacement products may be either new or reconditioned Any r...

Page 6: ...CIDENT FIRE LIGHTNING OR OTHER HAZARD LIMITATION OF LIABILITY IN NO EVENT WHETHER BASED IN CONTRACT OR TORT INCLUDING NEGLIGENCE SHALL SMC BE LIABLE FOR INCIDENTAL CONSEQUENTIAL INDIRECT SPECIAL OR PUNITIVE DAMAGES OF ANY KIND OR FOR LOSS OF REVENUE LOSS OF BUSINESS OR OTHER FINANCIAL LOSS ARISING OUT OF OR IN CONNECTION WITH THE SALE INSTALLATION MAINTENANCE USE PERFORMANCE FAILURE OR INTERRUPTIO...

Page 7: ...Saving Configuration Settings 2 11 Managing System Files 2 12 3 Configuring the Switch 3 1 Using the Web Interface 3 1 Navigating the Web Browser Interface 3 3 Home Page 3 3 Configuration Options 3 4 Panel Display 3 4 Main Menu 3 5 Basic Configuration 3 11 Displaying System Information 3 11 Displaying Switch Hardware Software Versions 3 14 Displaying Bridge Extension Capabilities 3 16 Setting the ...

Page 8: ...rol Lists 3 92 Configuring Access Control Lists 3 92 Binding a Port to an Access Control List 3 97 Filtering Management Access 3 98 Port Configuration 3 100 Displaying Connection Status 3 100 Configuring Interface Connections 3 104 Creating Trunk Groups 3 106 Setting Broadcast Storm Thresholds 3 121 Configuring Port Mirroring 3 123 Configuring Rate Limits 3 124 Showing Port Statistics 3 126 Addres...

Page 9: ...tion 3 187 Setting the Default Priority for Interfaces 3 187 Mapping CoS Values to Egress Queues 3 188 Selecting the Queue Mode 3 191 Setting the Service Weight for Traffic Classes 3 192 Mapping Layer 3 4 Priorities to CoS Values 3 193 Selecting IP DSCP Priority 3 193 Mapping DSCP Priority 3 194 Mapping CoS Values to ACLs 3 196 Multicast Filtering 3 198 Layer 2 IGMP Snooping and Query 3 199 Config...

Page 10: ... response 4 17 exec timeout 4 18 password thresh 4 19 silent time 4 20 databits 4 20 parity 4 21 speed 4 22 stopbits 4 23 disconnect 4 23 show line 4 24 General Commands 4 25 enable 4 26 disable 4 27 configure 4 27 show history 4 28 reload 4 29 end 4 29 exit 4 30 quit 4 30 System Management Commands 4 31 Device Designation Commands 4 32 User Access Commands 4 33 IP Filter Commands 4 36 Web Server ...

Page 11: ... Port Security Commands 4 100 802 1X Port Authentication 4 103 Access Control List Commands 4 112 IP ACLs 4 113 ACL Information 4 122 SNMP Commands 4 123 Interface Commands 4 143 interface 4 144 description 4 144 speed duplex 4 145 negotiation 4 146 capabilities 4 147 flowcontrol 4 148 shutdown 4 149 clear counters 4 150 show interfaces status 4 151 show interfaces counters 4 152 show interfaces s...

Page 12: ... mac address table 4 178 mac address table aging time 4 179 show mac address table aging time 4 180 Spanning Tree Commands 4 180 spanning tree 4 182 spanning tree mode 4 183 spanning tree forward time 4 184 spanning tree hello time 4 185 spanning tree max age 4 186 spanning tree priority 4 187 spanning tree pathcost method 4 187 spanning tree transmission limit 4 188 spanning tree mst configuratio...

Page 13: ...d Bridge Extension Commands 4 224 bridge ext gvrp 4 225 show bridge ext 4 225 switchport gvrp 4 226 show gvrp configuration 4 227 garp timer 4 227 show garp timer 4 229 Priority Commands 4 229 Priority Commands Layer 2 4 230 Priority Commands Layer 3 and 4 4 237 Multicast Filtering Commands 4 240 IGMP Snooping Commands 4 241 IGMP Query Commands Layer 2 4 245 Static Multicast Routing Commands 4 249...

Page 14: ...CONTENTS x B Troubleshooting B 1 Problems Accessing the Management Interface B 1 Using System Logs B 3 Glossary Index ...

Page 15: ...CONTENTS xi ...

Page 16: ...g 3 189 Table 3 13 CoS Priority Levels 3 189 Table 3 14 Mapping DSCP Priority 3 195 Table 3 15 CoS to ACL Mapping 3 196 Table 4 1 Command Modes 4 7 Table 4 2 Configuration Commands 4 9 Table 4 3 Keystroke Commands 4 10 Table 4 4 Command Group Index 4 11 Table 4 5 Line Command Syntax 4 13 Table 4 6 General Commands 4 25 Table 4 7 System Management Commands 4 31 Table 4 8 Device Designation Commands...

Page 17: ...Table 4 34 IP ACL Commands 4 113 Table 4 35 Egress Queue Priority Mapping 4 120 Table 4 36 ACL Information 4 122 Table 4 37 SNMP Commands 4 123 Table 4 38 show snmp engine id display description 4 135 Table 4 39 show snmp view display description 4 137 Table 4 40 show snmp group display description 4 139 Table 4 41 show snmp user display description 4 142 Table 4 42 Interface Commands 4 143 Table ...

Page 18: ...able 4 60 Priority Commands 4 230 Table 4 62 Default CoS Priority Levels 4 234 Table 4 63 Priority Commands Layer 3 and 4 4 237 Table 4 64 Mapping IP DSCP to CoS Values 4 238 Table 4 65 Multicast Filtering Commands 4 240 Table 4 66 IGMP Snooping Commands 4 241 Table 4 67 IGMP Query Commands Layer 2 4 245 Table 4 68 Static Multicast Routing Commands 4 249 Table 4 69 IP Interface Commands 4 251 Tabl...

Page 19: ...TABLES xv ...

Page 20: ...ing 3 29 Figure 3 15 Enabling Telnet 3 31 Figure 3 16 Displaying Logs 3 33 Figure 3 17 System Logs 3 35 Figure 3 18 Remote Logs 3 36 Figure 3 19 Enabling and Configuring SMTP 3 38 Figure 3 20 Resetting the System 3 39 Figure 3 21 SNTP Configuration 3 41 Figure 3 22 Setting the Time Zone 3 42 Figure 3 23 Enabling the SNMP Agent 3 45 Figure 3 24 Configuring SNMP Community Strings 3 46 Figure 3 25 Co...

Page 21: ...3 113 Figure 3 52 Displaying LACP Port Counters Information 3 115 Figure 3 53 Displaying LACP Port Information 3 118 Figure 3 54 Displaying Remote LACP Port Information 3 120 Figure 3 55 Enabling Port Broadcast Control 3 122 Figure 3 56 Configuring a Mirror Port 3 124 Figure 3 57 Configuring Input Port Rate Limiting 3 125 Figure 3 58 Displaying Port Statistics 3 130 Figure 3 59 Displaying Etherlik...

Page 22: ...gure 3 83 Protocol VLAN Port Configuration 3 186 Figure 3 84 Port Priority Configuration 3 188 Figure 3 85 Configuring Ports and Trunks for Class of Service 3 190 Figure 3 86 Setting the Queue Mode 3 191 Figure 3 87 Configuring Queue Scheduling 3 192 Figure 3 88 IP DSCP Priority Status 3 194 Figure 3 89 Mapping IP DSCP Priority to Class of Service Values 3 195 Figure 3 90 Configuring Internet Grou...

Page 23: ...e switch s performance for your particular network environment Key Features Table 1 1 Key Features Feature Description Configuration Backup and Restore Backup to TFTP server Authentication Console Telnet web User name password RADIUS TACACS Web HTTPS Telnet SSH SNMP v1 v2c v3 Community strings Port IEEE 802 1x MAC address filtering Access Control Lists Supports up to 32 IP DHCP Client Supported Po...

Page 24: ...f the management features are briefly described below Port Trunking Supports up to 6 trunks using either static or dynamic trunking LACP Broadcast Storm Control Supported Static Address Up to 8K MAC addresses in the forwarding table IEEE 802 1D Bridge Supports dynamic data switching and addresses learning Store and Forward Switching Supported to ensure wire speed switching while eliminating bad fr...

Page 25: ...ent access over a Telnet equivalent connection SNMP Version 3 IP address filtering for SNMP web Telnet management access and MAC address filtering for port access Access Control Lists ACLs provide packet filtering for IP frames based on address protocol TCP UDP port number or TCP control code or any frames based on MAC address or Ethernet type ACLs can by used to improve performance by blocking un...

Page 26: ...hould fail The switch supports up to 6 trunks Broadcast Storm Control Broadcast suppression prevents broadcast traffic from overwhelming the network When enabled on a port the level of broadcast traffic passing through the port is restricted If broadcast traffic rises above a pre defined threshold it will be throttled until the level falls back beneath the threshold Static Addresses A static addre...

Page 27: ...d disable all others to ensure that only one route exists between any two stations on the network This prevents the creation of network loops However if the chosen path should fail for any reason an alternate path will be activated to maintain the connection Rapid Spanning Tree Protocol RSTP IEEE 802 1w This protocol reduces the convergence time for network topology changes to about 10 of that req...

Page 28: ...rity by restricting all traffic to the originating VLAN Use private VLANs to restrict traffic to pass only between data ports and the uplink ports thereby isolating adjacent ports within the same VLAN and allowing you to limit the total number of VLANs that need to be configured Traffic Prioritization This switch prioritizes each packet based on the required level of service using eight priority q...

Page 29: ...em Defaults The switch s system defaults are provided in the configuration file Factory_Default_Config cfg To reset the switch defaults this file should be set as the startup configuration file page 3 25 The following table lists some of the basic system defaults Table 1 2 System Defaults Function Parameter Default Console Port Connection Baud Rate 9600 Data bits 8 Stop bits 1 Parity none Local Co...

Page 30: ...ol Disabled Rate Limiting Input limits Disabled Port Trunking Static Trunks None LACP all ports Disabled Broadcast Storm Protection Status Enabled all ports Broadcast Limit Rate 500 packets per second Spanning Tree Protocol Status Enabled RSTP Defaults All values based on IEEE 802 1w Fast Forwarding Edge Port Disabled Address Table Aging Time 300 seconds Virtual LANs Default VLAN 1 PVID 1 Acceptab...

Page 31: ...Subnet Mask 255 0 0 0 Default Gateway 0 0 0 0 DHCP Enabled BOOTP Disabled Multicast Filtering IGMP Snooping Snooping Enabled Querier Enabled System Log Status Enabled Messages Logged Levels 0 6 all Messages Logged to Flash Levels 0 3 SMTP Email Alerts Event Handler Enabled but no server defined SNTP Clock Synchronization Disabled Table 1 2 System Defaults Continued Function Parameter Default ...

Page 32: ...INTRODUCTION 1 10 ...

Page 33: ...P Web agent allows you to configure switch parameters monitor port connections and display statistics using a standard Web browser such as Netscape Navigator version 6 2 and higher or Microsoft IE version 5 0 and higher The switch s Web management interface can be accessed from any computer attached to the network The CLI program can be accessed by a direct connection to the RS 232 serial console ...

Page 34: ...t filtering Upload and download system firmware via TFTP Upload and download switch configuration files via TFTP Configure Spanning Tree parameters Configure Class of Service CoS priority queuing Configure up to 6 static or LACP trunks Enable port mirroring Set broadcast storm control on any port Display system information and statistics Required Connections The switch provides an RS 232 serial po...

Page 35: ...p bit and no parity Set flow control to none Set the emulation mode to VT100 With HyperTerminal select Terminal keys not Windows keys Notes 1 When using HyperTerminal with Microsoft Windows 2000 make sure that you have Windows 2000 Service Pack 2 or later installed Windows 2000 Service Pack 2 fixes the problem of arrow keys not functioning in HyperTerminal s VT100 emulation See www microsoft com f...

Page 36: ...ed using Telnet from any computer attached to the network The switch can also be managed by any computer using a web browser Internet Explorer 5 0 or above or Netscape Navigator 6 2 or above or from a network computer using SNMP network management software Note The onboard program only provides access to basic configuration functions To access the full range of SNMP management functions you must u...

Page 37: ...Setting Passwords Note If this is your first time to log into the CLI program you should define new passwords for both default user names using the username command record them and put them in a safe place Passwords can consist of up to 8 alphanumeric characters and are case sensitive To prevent unauthorized access to the switch set the passwords as follows 1 Open the console interface with the de...

Page 38: ...You may also need to specify a default gateway that resides between this device and management stations on another network segment Valid IP addresses consist of four decimal numbers 0 to 255 separated by periods Anything outside this format will not be accepted by the CLI program Note The IP address for this switch is obtained via DHCP by default Before you can assign an IP address to the switch y...

Page 39: ...you select the bootp or dhcp option IP will be enabled but will not function until a BOOTP or DHCP reply has been received You therefore need to use the ip dhcp restart client command to start broadcasting service requests Requests will be sent periodically in an effort to obtain IP configuration information BOOTP and DHCP values can include the IP address subnet mask and default gateway If the bo...

Page 40: ... broadcasting service requests Press Enter 5 Wait a few minutes and then check the IP configuration settings by typing the show ip interface command Press Enter 6 Then save your configuration changes by typing copy running config startup config Enter the startup file name and press Enter Console config interface vlan 1 Console config if ip address dhcp Console config if end Console ip dhcp restart...

Page 41: ...ents you must specify a community string The switch provides a default MIB View i e an SNMPv3 construct for the default public community string that provides read access to the entire MIB tree and a default view for the private community string that provides read write access to the entire MIB tree However you may assign new views to version 1 or 2c community strings that suit your specific securi...

Page 42: ...he default community strings If there are no community strings then SNMP management access from SNMP v1 and v2c clients is disabled Trap Receivers You can also specify SNMP stations that are to receive traps from the switch To configure a trap receiver use the snmp server host command From the Privileged Exec level global configuration mode prompt type snmp server host host address community strin...

Page 43: ...password einstien for encryption For a more detailed explanation on how to configure the switch for access from SNMP v3 clients refer to Simple Network Management Protocol on page 3 42 or refer to the specific CLI commands for SNMP starting on page 4 123 Saving Configuration Settings Configuration commands only modify the running configuration file and are not saved when the switch is rebooted To ...

Page 44: ...ation settings are saved Saved configuration files can be selected as a system start up file or can be uploaded via TFTP to a server for backup A file named Factory_Default_Config cfg contains all the system default settings and cannot be deleted from the system See Saving or Restoring Configuration Settings on page 3 25 for more information Operation Code System software that is executed after bo...

Page 45: ...of each type must be set as the start up file During a system boot the diagnostic and operation code files set as the start up file are run and then the start up configuration file is loaded Note that configuration files should be downloaded using a file name that reflects the contents or usage of the file settings If you download directly to the running config the system will reboot and the setti...

Page 46: ...INITIAL CONFIGURATION 2 14 ...

Page 47: ...ia Telnet For more information on using the CLI refer to Chapter 4 Command Line Interface Prior to accessing the switch from a Web browser be sure you have first performed the following tasks 1 Configure the switch with a valid IP address subnet mask and default gateway using an out of band serial connection BOOTP or DHCP protocol See Setting an IP Address on page 2 6 2 Set user names and password...

Page 48: ... password If you log in as admin Privileged Exec level you can change the settings on any page 3 If the path between your management station and this switch does not pass through any device that uses the Spanning Tree Algorithm then you can set the switch port attached to your management station to fast forwarding i e enable Admin Edge Port to improve the switch s response time to management comma...

Page 49: ...rs and statistics The default user name and password for the administrator is admin Home Page When your web browser connects with the switch s web agent the home page is displayed as shown below The home page displays the Main Menu on the left side of the screen and System Information on the right side The Main Menu links are used to navigate to other menus and display configuration parameters and...

Page 50: ...lorer 5 0 you may have to manually refresh the screen after making configuration changes by pressing the browser s refresh button Panel Display The web agent displays an image of the switch s ports The Mode can be set to display different information for the ports including Active i e up or down Duplex i e half or full duplex or Flow Control i e with or without flow control Clicking on the image o...

Page 51: ...and power status 3 14 Bridge Extension Configuration Shows the bridge extension parameters 3 16 IP Configuration Sets the IP address for management access 3 17 Jumbo Frames Enables or disables jumbo frames 3 21 File Management 3 23 Copy Operation Allows the transfer and copying files 3 23 Delete Allows deletion of files from the flash memory 3 25 Set Start Up Sets the start up file 3 23 Line 3 27 ...

Page 52: ... Sets SNMPv3 Engine ID 3 50 Remote Engine ID Adds a Remote Engine ID and IP Host 3 51 Users Creates or deletes user accounts 3 52 Remote Users Creates or deletes remote user accounts 3 55 Groups Creates or deletes SNMPv3 Groups 3 58 Views Creates or deletes SNMPv3 Views 3 63 Security 3 65 User Accounts Assigns a new password for the current user 3 66 Authentication Settings Configures authenticati...

Page 53: ...ACL 3 97 IP Filter Sets IP addresses of clients allowed management access 3 98 Port 3 98 Port Information Displays port connection status 3 100 Trunk Information Displays trunk connection status 3 100 Port Configuration Configures port connection settings 3 104 Trunk Configuration Configures trunk connection settings 3 104 Trunk Membership Specifies ports to group into static trunks 3 107 LACP 3 1...

Page 54: ...Table 3 132 Static Addresses Displays entries for interface address or VLAN 3 132 Dynamic Addresses Displays or edits static entries in the Address Table 3 134 Address Aging Sets timeout for dynamically learned entries 3 135 Spanning Tree 3 136 STA 3 138 Information Displays STA values used for the bridge 3 138 Configuration Configures global bridge settings for STA RSTP and MSTP 3 141 Port Inform...

Page 55: ...n protocol 3 165 Basic Information Displays information on the VLAN type supported by this switch 3 165 Current Table Shows the current port members of each VLAN and whether or not the port is tagged or untagged 3 166 Static List Used to create or remove VLAN groups 3 168 Static Table Modifies the settings for an existing VLAN 3 170 Static Membership by Port Configures membership type for interfac...

Page 56: ...ANs 3 186 Priority 3 187 Default Port Priority Sets the default priority for each port 3 187 Default Trunk Priority Sets the default priority for each trunk 3 187 Traffic Classes Maps IEEE 802 1p priority tags to output queues 3 188 Queue Mode Sets queue mode to strict priority or Weighted Round Robin 3 191 Queue Scheduling Configures Weighted Round Robin queueing 3 192 IP DSCP Priority Status Glo...

Page 57: ...st Router Port Information Displays the ports that are attached to a neighboring multicast router for each VLAN ID 3 202 Static Multicast Router Port Configuration Assigns ports that are attached to a neighboring multicast router 3 203 IPMulticastRegistration Table Displays all multicast groups active on this switch including multicast IP addresses and VLAN ID 3 204 IGMP Member Port Table Indicate...

Page 58: ...e server Shows if management access via HTTPS is enabled Web secure server port Shows the TCP port used by the HTTPS interface Telnet server Shows if management access via Telnet is enabled Telnet port Shows the TCP port used by the Telnet interface Jumbo Frame Shows if jumbo frames are enabled POST result Shows results of the power on self test Web Click System System Information Specify the syst...

Page 59: ...tring 1 3 6 1 4 1 202 20 58 System Information System Up Time 0 days 0 hours 3 minutes and 7 12 seconds System Name NONE System Location NONE System Contact NONE MAC Address Unit1 00 13 F7 27 57 02 Web Server Enabled Web Server Port 80 Web Secure Server Enabled Web Secure Server Port 443 Telnet Server Enable Telnet Server Port 23 Jumbo Frame Disabled POST Result UART Loopback Test PASS DRAM Test P...

Page 60: ... of the main board Internal Power Status Displays the status of the internal power supply Redundant Power Status Displays the status of the redundant power supply Management Software EPLD Version Version number of the Electronically Programmable Logic Device code Loader Version Version number of loader code Boot ROM Version Version of Power On Self Test POST and boot code Operation Code Version Ve...

Page 61: ...ersion information Console show version 4 80 Serial Number A613004238 Service Tag Hardware Version R01 EPLD Version 15 15 Module A Type Not present Module B Type Not present Number of Ports 30 Main Power Status Up Redundant Power Status Not present Loader Version 1 0 0 6 Boot ROM Version 1 0 0 8 Operation Code Version 3 0 0 0 Console ...

Page 62: ...Entry Individual Port This switch allows static filtering for unicast and multicast addresses Refer to Setting Static Addresses on page 3 132 VLAN Learning This switch uses Shared VLAN Learning SVL where all VLANs share the same address table Configurable PVID Tagging This switch allows you to override the default Port VLAN ID PVID used in frame tags and egress status VLAN Tagged or Untagged on ea...

Page 63: ... need to change the switch s default settings IP address 0 0 0 0 and netmask 255 0 0 0 to values that are compatible with your network You may also need to a establish a default gateway between the switch and management stations that exist on another network segment Console show bridge ext 4 225 Max support VLAN numbers 255 Max support VLAN ID 4093 Extended multicast filtering services No Static e...

Page 64: ...tion Static Dynamic Host Configuration Protocol DHCP or Boot Protocol BOOTP If DHCP BOOTP is enabled IP will not function until a reply has been received from the server Requests will be broadcast periodically by the switch for an IP address DHCP BOOTP values can include the IP address subnet mask and default gateway IP Address Address of the VLAN interface that is allowed management access Valid ...

Page 65: ...tatic enter the IP address subnet mask and gateway then click Apply Figure 3 6 Manual IP Configuration CLI Specify the management interface IP address and default gateway Console config Console config interface vlan 1 4 144 Console config if ip address 10 1 0 254 255 255 255 0 4 252 Console config if exit Console config ip default gateway 192 168 1 254 4 254 Console config ...

Page 66: ...management station is attached set the IP Address Mode to DHCP or BOOTP Click Apply to save your changes Then click Restart DHCP to immediately request a new address Note that the switch will also broadcast a request for IP configuration settings on each power reset Figure 3 7 DHCP IP Configuration Note If you lose your management connection use a console connection and enter show ip interface to ...

Page 67: ...ctioning you will not be able to renew the IP settings via the web interface You can only restart DHCP service via the web interface if the current address is still available CLI Enter the following command to restart DHCP service Enabling Jumbo Frames You can enable jumbo frames to support data packets up to 9000 bytes in size Command Attributes Jumbo Packet Status Check the box to enable jumbo f...

Page 68: ...can discover switches on local or other networks After discovering the switches Batch Upgrade can then be set to automatically upgrade the runtime code on all discovered switches Batch Upgrade is provided in the Batch Upgrade folder in the CD provided with this switch For details see the Batch Upgrade document in this Batch Upgrade folder Command Attributes File Transfer Method The firmware copy o...

Page 69: ...is file cannot be deleted Downloading System Software from a Server When downloading runtime code you can specify the destination file name to replace the current image or first download the file using a different name from the current runtime code file and then set the new file as the startup file Web Click System File Management Copy Operation Select tftp to file as the file transfer method ente...

Page 70: ...Apply Note that the file currently designated as the startup code cannot be deleted Figure 3 11 Deleting Files CLI Enter the IP address of the TFTP server select config or opcode file type then enter the source and destination file names set the new file to start up the system and then restart the switch Console copy tftp file 4 83 TFTP server ip address 10 1 0 19 Choose file type 1 config 2 opcod...

Page 71: ...s a file from the switch to a TFTP server running config to file Copies the running configuration to a file running config to startup config Copies the running config to the startup config running config to tftp Copies the running configuration to a TFTP server startup config to file Copies the startup configuration to a file on the switch startup config to running config Copies the startup config...

Page 72: ...t it as the startup file or you can specify the current startup configuration file as the destination file to directly replace it Note that the file Factory_Default_Config cfg can be copied to the TFTP server but cannot be used as the destination on the switch Web Click System File Management Copy Operation Select tftp to startup config or tftp to file and enter the IP address of the TFTP server S...

Page 73: ...h Console Port Settings You can access the onboard configuration program by attaching a VT100 compatible device to the switch s serial console port Management access through the console port is controlled by various parameters including a password timeouts and basic communication settings These parameters can be configured via the web or CLI interface Console copy tftp startup config 4 83 TFTP ser...

Page 74: ... next logon attempt Range 0 120 Default 3 attempts Silent Time Sets the amount of time the management console is inaccessible after the number of unsuccessful logon attempts has been exceeded Range 0 65535 Default 0 Data Bits Sets the number of data bits per character that are interpreted and generated by the console port If parity is being generated specify 7 data bits per character If no parity ...

Page 75: ... the correct password the system shows a prompt Default No password Login Enables password checking at login You can select authentication by a single global password as configured for the Password parameter or by passwords set up for specific user name accounts Default Local Web Click System Line Console Specify the console port connection parameters as required then click Apply Figure 3 14 Conso...

Page 76: ...t Enabled Telnet Port Number Sets the TCP port number for Telnet on the switch Default 23 Console config line console 4 14 Console config line login local 4 15 Console config line password 0 secret 4 16 Console config line timeout login response 0 4 17 Console config line exec timeout 0 4 18 Console config line password thresh 3 4 19 Console config line silent time 60 4 20 Console config line data...

Page 77: ...gon attempt threshold is reached the system interface becomes silent for a specified amount of time set by the Silent Time parameter before allowing the next logon attempt Range 0 120 Default 3 attempts Available in CLI only Password Specifies a password for the line connection When a connection is started on a line with password protection the system prompts for the password If you enter the corr...

Page 78: ...event messages The switch can store up to 2048 log entries in temporary random access memory RAM i e memory flushed on power reset and up to 4096 entries in permanent flash memory Web Click System Log Logs Console config line vty 4 14 Console config line login local 4 15 Console config line password 0 secret 4 16 Console config line timeout login response 300 4 17 Console config line exec timeout ...

Page 79: ...ries being overwritten first when the available log memory 256 kilobytes has been exceeded The System Logs page allows you to configure and limit system messages that are logged to flash or RAM memory The default is for event levels 0 to 3 to be logged to flash and levels 0 to 6 to be logged to RAM Command Attributes System Log Status Enables disables the logging of debug or error messages to the ...

Page 80: ... equal to or less than the RAM Level Web Click System Log System Logs Specify System Log Status set the level of event messages to be logged to RAM and flash memory then click Apply Table 3 3 Logging Levels Level Severity Name Description 7 Debug Debugging messages 6 Informational Informational messages only 5 Notice Normal but significant condition such as cold start 4 Warning Warning conditions ...

Page 81: ...ables the logging of debug or error messages to the remote logging process Default Enabled Logging Facility Sets the facility type for remote logging of syslog messages There are eight facility types specified by values of 16 to 23 The facility type is used by the syslog server to dispatch log messages to an appropriate service The attribute specifies the facility type tag sent in syslog messages ...

Page 82: ...level 3 will be sent to the remote server Range 0 7 Default 6 Host IP List Displays the list of remote server IP addresses that receive the syslog messages The maximum number of host IP addresses allowed is five Host IP Address Specifies a new server IP address to add to the Host IP List Web Click System Log Remote Logs To add an IP address to the Host IP List type the new IP address in the Host I...

Page 83: ...e notification only Level 6 Notifice Sends notification of a normal but significant condition such as a cold start Level 5 Warning Sends notification of a warning condition such as return false or unexpected return Level 4 Error Sends notification that an error conditions has occurred such as invalid input or default used Level 3 Console config logging host 192 168 1 15 4 58 Console config logging...

Page 84: ...list of recipient SMTP servers SMTP Server Specifies a new SMTP server address to add to the SMTP Server List Email Destination Address List Specifies a list of recipient Email Destination Address Email Destination Address This command specifies SMTP servers that may receive alert messages Web Click System Log SMTP To add an IP address to the Server IP List type the new IP address in the Server IP...

Page 85: ... want reset the switch Figure 3 20 Resetting the System CLI Use the reload command to restart the switch When prompted confirm that you want to reset the switch Note When restarting the system it will always run the Power On Self Test Console config logging sendmail host 192 168 1 19 Console config logging sendmail level 3 Console config logging sendmail source email bill this company com Console ...

Page 86: ...pdate to a configured time server You can configure up to three time server IP addresses The switch will attempt to poll each server in the configured sequence Configuring SNTP You can configure the switch to send time synchronization requests to specific time servers Command Attributes SNTP Client Configures the switch to operate as an SNTP client This requires at least one time server to be spec...

Page 87: ...s longitude To display a time corresponding to your local time you must indicate the number of hours and minutes your time zone is east before or west after of UTC Command Attributes Current Time Displays the current time Name Assigns a name to the time zone Range 1 29 characters Console config sntp client 4 70 Console config sntp poll 604 71 Console config sntp server 10 1 0 19 137 82 140 80 128 ...

Page 88: ...d specifically for managing devices on a network Equipment commonly managed with SNMP includes switches routers and host computers SNMP is typically used to configure these devices for proper operation in a network environment as well as to monitor them to evaluate performance or detect potential problems Managed devices supporting SNMP contain software which runs locally on the device and is refe...

Page 89: ...ubmit a valid community string for authentication Access to the switch using from clients using SNMPv3 provides additional security features that cover message integrity authentication and encryption as well as controlling user access to specific areas of the MIB tree The SNMPv3 security structure consists of security models with each model having it s own security levels There are three security ...

Page 90: ...er defined user defined user defined Community string only v2c noAuth NoPriv public read only defaultview none none Community string only v2c noAuth NoPriv private read write defaultview defaultview none Community string only v2c noAuth NoPriv user defined user defined user defined user defined Community string only v3 noAuth NoPriv user defined user defined user defined user defined A user name m...

Page 91: ...community strings authorized for management access by clients using SNMP v1 and v2c All community strings used for IP Trap Managers should be listed in this table For security reasons you should consider removing the default strings Command Attributes SNMP Community Capability The switch supports up to five community strings Current Displays a list of the community strings currently configured Com...

Page 92: ...gement stations are able to both retrieve and modify MIB objects Web Click SNMP Configuration Add new community strings as required select the access rights from the Access Mode drop down list then click Add Figure 3 24 Configuring SNMP Community Strings CLI The following example adds the string spiderman with read write access Console config snmp server community spiderman rw 4 127 Console config...

Page 93: ...on noAuth option an SNMP user account will be automatically generated and the switch will authorize SNMP access for the host Notifications are issued by the switch as trap messages by default The recipient of a trap message does not send a response to the switch Traps are therefore not as reliable as inform messages which include a request for acknowledgement of receipt Informs can be used to ensu...

Page 94: ...onding User Name in the SNMPv3 Users page for Version 3 clients Range 1 32 characters case sensitive Trap UDP Port Specifies the UDP port number used by the trap manager Trap Version Indicates if the user is running SNMP v1 v2c or v3 Default v1 Trap Security Level When trap version 3 is selected you must specify one of the following security levels Default noAuthNoPriv noAuthNoPriv There is no aut...

Page 95: ...nt station that will receive trap messages specify the UDP port trap version trap security level for v3 clients trap inform settings for v2c v3 clients and then click Add Select the trap types required using the check boxes for Authentication and Link up down traps and then click Apply Figure 3 25 Configuring SNMP Trap Managers CLI This example adds a trap manager and enables authentication traps ...

Page 96: ...ne ID An SNMPv3 engine is an independent SNMP agent that resides on the switch This engine protects against message replay delay and redirection The engine ID is also used in combination with user passwords to generate the security keys for authenticating and encrypting SNMPv3 packets A local engine ID is automatically generated that is unique to the switch This is referred to as the default engin...

Page 97: ...are localized using the engine ID of the authoritative agent For informs the authoritative SNMP agent is the remote agent You therefore need to configure the remote agent s SNMP engine ID before you can send proxy requests or informs to it See Specifying Trap Managers and Trap Types on page 3 47 and Configuring Remote SNMPv3 Users on page 3 55 The engine ID can be specified by entering 1 to 26 hex...

Page 98: ...1 32 characters Group Name The name of the SNMP group to which the user is assigned Range 1 32 characters Security Model The user security model SNMP v1 v2c or v3 Security Level The security level used for the user noAuthNoPriv There is no authentication or encryption used in SNMP communications This is the default for SNMPv3 AuthNoPriv SNMP communications use authentication but the data is not en...

Page 99: ...he method used for user authentication Options MD5 SHA Default MD5 Authentication Password A minimum of eight plain text characters is required Privacy Protocol The encryption algorithm use for data privacy only 56 bit DES is currently available Privacy Password A minimum of eight plain text characters is required Actions Enables the user to be assigned to another SNMPv3 group ...

Page 100: ...nd assign it to a group then click Add to save the configuration and return to the User Name list To delete a user check the box next to the user name then click Delete To change the assigned group of a user click Change Group in the Actions column of the users table and select the new group Figure 3 28 Configuring SNMPv3 Users ...

Page 101: ...rst specify the engine identifier for the SNMP agent on the remote device where the user resides The remote engine ID is used to compute the security digest for authenticating and encrypting packets sent to a user on the remote host See Specifying Trap Managers and Trap Types on page 3 47 and Specifying a Remote Engine ID on page 3 51 Console config snmp server user chris group r d v3 auth md5 gre...

Page 102: ...SNMP v1 v2c or v3 Default v1 Security Level The security level used for the user noAuthNoPriv There is no authentication or encryption used in SNMP communications This is the default for SNMPv3 AuthNoPriv SNMP communications use authentication but the data is not encrypted only available for the SNMPv3 security model AuthPriv SNMP communications use both authentication and encryption only availabl...

Page 103: ...ck New to configure a user name In the New User page define a name and assign it to a group then click Add to save the configuration and return to the User Name list To delete a user check the box next to the user name then click Delete Figure 3 29 Configuring Remote SNMPv3 Users ...

Page 104: ...ication or encryption used in SNMP communications AuthNoPriv SNMP communications use authentication but the data is not encrypted only available for the SNMPv3 security model AuthPriv SNMP communications use both authentication and encryption only available for the SNMPv3 security model Read View The configured view for read access Range 1 64 characters Write View The configured view for write acc...

Page 105: ...the new root e g upon expiration of the Topology Change Timer immediately subsequent to its election topologyChange 1 3 6 1 2 1 17 0 2 A topologyChange trap is sent by a bridge when any of its configured ports transitions from the Learning state to the Forwarding state or from the Forwarding state to the Discarding state The trap is not sent if a newRoot trap is sent for the same transition SNMPv2...

Page 106: ...is about to enter the down state from some other state but not from the notPresent state This other state is indicated by the included value of ifOperStatus linkUpa 1 3 6 1 6 3 1 1 5 4 A linkUp trap signifies that the SNMP entity acting in an agent role has detected that the ifOperStatus object for one of its communication links left the down state and transitioned into some other state but not in...

Page 107: ... and generates an event that is configured for sending SNMP traps fallingAlarm 1 3 6 1 2 1 16 0 2 The SNMP trap that is generated when an alarm entry crosses its falling threshold and generates an event that is configured for sending SNMP traps Private Traps swPowerStatus ChangeTrap 1 3 6 1 4 1 202 20 58 2 1 0 1 This trap is sent when the power state changes swIpFilterRejectTrap 1 3 6 1 4 1 202 20...

Page 108: ... group In the New Group page define a name assign a security model and level and then select read and write views Click Add to save the new group and return to the Groups list To delete a group check the box next to the group name then click Delete Figure 3 30 Configuring SNMPv3 Groups ...

Page 109: ... configured object identifiers of branches within the MIB tree that define the SNMP view Edit OID Subtrees Allows you to configure the object identifiers of branches within the MIB tree Wild cards can be used to mask a specific portion of the OID string Type Indicates if the object identifier of a branch within the MIB tree is included or excluded from the SNMP view Console config snmp server grou...

Page 110: ...B to be included or excluded in the view Click Back to save the new view and return to the SNMPv3 Views list For a specific view click on View OID Subtrees to display the current configuration or click on Edit OID Subtrees to make changes to the view settings To delete a view check the box next to the view name then click Delete Figure 3 31 Configuring SNMPv3 Views ...

Page 111: ...vide a secure shell for secure Telnet access Port Security Configure secure addresses for individual ports 802 1x Use IEEE 802 1x port authentication to control access to specific ports IP Filter Filters management access to the web SNMP or Telnet interface Console config snmp server view ifEntry a 1 3 6 1 2 1 2 2 1 1 included 4 135 Console config exit Console show snmp view 4 136 View Name ifEntr...

Page 112: ...ssociated access levels Default admin and guest New Account Displays configuration settings for a new account User Name The name of the user Maximum length 8 characters maximum number of users 16 Access Level Specifies the user level Options Normal and Privileged Password Specifies the user password Range 0 8 characters plain text case sensitive Confirm Password Re enter the user password Change P...

Page 113: ... administrator then specify the password Configuring Local Remote Logon Authentication Use the Authentication Settings menu to restrict management access based on specified user names and passwords You can manually configure access rights on the switch or you can use a remote access authentication server based on RADIUS or TACACS protocols Console config username bob access level 15 4 34 Console c...

Page 114: ...et from the client to the server while TACACS encrypts the entire body of the packet Command Usage By default management access is always checked against the authentication database stored on the local switch If a remote authentication server is used you must specify the authentication sequence and the corresponding parameters for the remote authentication protocol Local and remote logon authentic...

Page 115: ...r is not available then authentication is attempted using the TACACS server and finally the local user name and password is checked Command Attributes Authentication Select the authentication or authentication sequence required Local User authentication is performed only locally by the switch Radius User authentication is performed using a RADIUS server only TACACS User authentication is performed...

Page 116: ...racters Number of Server Transmits Number of times the switch tries to authenticate logon access via the authentication server Range 1 30 Default 2 Timeout for a reply The number of seconds the switch waits for a reply from the RADIUS server before it resends the request Range 1 65535 Default 5 TACACS Settings Server IP Address Address of the TACACS server Default 10 11 12 13 Server Port Number Ne...

Page 117: ... 4 94 Console config radius server port 181 4 95 Console config radius server key green 4 95 Console config radius server retransmit 5 4 96 Console config radius server timeout 10 4 97 Console show radius server 4 97 Server IP address 192 168 1 25 Communication key with radius server Server port number 181 Retransmit times 5 Request timeout 10 Console config authentication login tacacs 4 91 Consol...

Page 118: ...ing the server s digital certificate The client and server negotiate a set of security protocols to use for the connection The client and server generate session keys for encrypting and decrypting data The client and server establish a secure encrypted connection A padlock icon should appear in the status bar for Internet Explorer 5 x or above and Netscape Navigator 6 2 or above The following web ...

Page 119: ... Certificate When you log onto the web interface using HTTPS for secure access a Secure Sockets Layer SSL certificate appears for the switch By default the certificate that Netscape and Internet Explorer display will be associated with a warning that the site is not recognized as a secure site This is because the certificate has not been signed by an approved certification authority If you want th...

Page 120: ...in remote login rsh remote shell and rcp remote copy are not secure from hostile attacks The Secure Shell SSH includes server client applications intended as a secure replacement for the older Berkley remote access tools SSH can also provide remote management access to this switch as a secure replacement for Telnet When the client contacts the switch via the SSH protocol the switch generates a pub...

Page 121: ...e create a host public private key pair 2 Provide Host Public Key to Clients Many SSH client programs automatically import the host public key during the initial connection setup with the switch Otherwise you need to manually create a known hosts file on the management station and place the host public key in it An entry for a public key in the known hosts file would appear similar to the followin...

Page 122: ... switch the SSH server uses the host key pair to negotiate a session key and encryption method Only clients that have a private key corresponding to the public keys stored on the switch can access The following exchanges take place during this process a The client sends its public key to the switch b The switch compares the client s public key to those stored in memory c If a match is found the sw...

Page 123: ... via either SSH Version 1 5 or 2 0 clients SSH Authentication Timeout Specifies the time interval in seconds that the SSH server waits for a response from a client during an authentication attempt Range 1 to 120 seconds Default 120 seconds SSH Authentication Retries Specifies the number of authentication attempts that a client is allowed before authentication fails and the client has to restart th...

Page 124: ...n It shows that the administrator has made a connection via SHH and then disables this connection Console config ip ssh server 4 47 Console config ip ssh timeout 100 4 48 Console config ip ssh authentication retries 5 4 49 Console config ip ssh server key size 512 4 50 Console config end Console show ip ssh 4 53 SSH Enabled version 2 0 Negotiation timeout 120 secs Authentication retries 3 Server k...

Page 125: ... used by SSH is based on the Digital Signature Standard DSS The last string is the encoded modulus Host Key Type The key type used to generate the host key pair i e public and private keys Range RSA DSA Both Default RSA The SSH server uses RSA or DSA for key exchange when the client first establishes a connection with the switch and then negotiates with the client to select either DES 56 bit or 3D...

Page 126: ...memory RAM and non volatile memory Flash Web Click Security SSH Host Key Settings Select the host key type from the drop down box select the option to save the host key from memory to flash if required prior to generating the key and then click Generate Figure 3 36 SSH Host Key Settings ...

Page 127: ...ames received on a port for an initial training period and then enable port security to stop address Console ip ssh crypto host key generate 4 47 Console ip ssh save host key 4 47 Console show public key host 4 47 Host RSA 1024 65537 127250922544926402131336514546131189679055192360076028653006761 8240969094744832010252487896597759216832222558465238779154647980739 6314033869257931051057652122430528...

Page 128: ...lti VLAN port It cannot be used as a member of a static or dynamic trunk It should not be connected to a network interconnection device If a port is disabled shut down due to a security violation it must be manually re enabled from the Port Port Configuration page page 3 104 Command Attributes Port Port number Name Descriptive text page 4 144 Action Indicates the action to be taken when a port sec...

Page 129: ...tication Network switches can provide open and easy access to network resources by simply attaching a client PC Although this automatic configuration and access is a desirable feature it also allows unauthorized personnel to easily intrude and possibly gain access to sensitive network data The IEEE 802 1x dot1x standard defines a port based access control procedure that prevents unauthorized acces...

Page 130: ...IUS server contains not only the challenge but the authentication method to be used The client can reject the authentication method and request another depending on the configuration of the client software and the RADIUS server The current version of the firmware supports only the MD5 authentication method The client responds to the appropriate method with its credentials such as a password or cer...

Page 131: ...er and 802 1x client support EAP The switch only supports EAPOL in order to pass the EAP packets from the server to the client The RADIUS server and client also have to support the same EAP authentication type The current version of the firmware supports only the EAP MD5 authetication type Some clients have native support in Windows otherwise the dot1x client must support it Displaying 802 1x Glob...

Page 132: ...abled Web Select Security 802 1x Configuration Enable dot1x globally for the switch and click Apply Figure 3 39 802 1x Global Configuration CLI This enables 802 1x globally for the switch Console show dot1x 4 109 Global 802 1X Parameters system auth control enable 802 1X Port Summary Port Name Status Operation Mode Mode Authorized 1 1 disabled Single Host ForceAuthorized n a 1 2 disabled Single Ho...

Page 133: ...ns Single Host Multi Host Default Single Host Max Count The maximum number of hosts that can connect to a port when the Multi Host operation mode is selected Range 1 1024 Default 5 Mode Sets the authentication mode to one of the following options Auto Requires a dot1x aware client to be authorized by the authentication server Clients that are not dot1x aware will be denied access Force Authorized ...

Page 134: ...t 3600 seconds Tx Period Sets the time period during an authentication session that the switch waits before re transmitting an EAP packet Range 1 65535 Default 30 seconds Authorized Yes Connected client is authorized No Connected client is not authorized Blank Displays nothing when dot1x is disabled on a port Supplicant Indicates the MAC address of a connected client Trunk Indicates if the port is...

Page 135: ...tatus Operation Mode Mode Authorized 1 1 disabled Single Host ForceAuthorized n a 1 2 enabled Single Host auto yes 1 52 disabled Single Host ForceAuthorized n a 802 1X Port Details 802 1X is disabled on port 1 1 802 1X is enabled on port 1 2 reauth enabled Enable reauth period 1800 quiet period 30 tx period 40 supplicant timeout 30 server timeout 10 reauth max 2 max req 5 Status Authorized Operati...

Page 136: ... The number of valid EAPOL frames of any type that have been received by this Authenticator Rx EAP Resp Id The number of EAP Resp Id frames that have been received by this Authenticator Rx EAP Resp Oth The number of valid EAP Response frames other than Resp Id frames that have been received by this Authenticator Rx EAP LenError The number of EAPOL frames that have been received by this Authenticat...

Page 137: ...the statistics Figure 3 41 Displaying 802 1x Port Statistics Tx EAP Req Id The number of EAP Req Id frames that have been transmitted by this Authenticator Tx EAP Req Oth The number of EAP Request frames other than Rq Id frames that have been transmitted by this Authenticator Table 3 7 802 1x Statistics Continued Parameter Descripton ...

Page 138: ...itions that apply to IP addresses MAC addresses or other more specific criteria This switch tests ingress or egress packets against the conditions in an ACL one by one A packet will be accepted as soon as it matches a permit rule or dropped as soon as it matches a deny rule If no rules match for a list of all permit rules the packet is dropped and if no rules match for a list of all deny rules the...

Page 139: ... Ingress IP ACL for ingress ports 2 Explicit default rule permit any any in the ingress IP ACL for ingress ports 3 If no explicit rule is matched the implicit default is permit all Setting the ACL Name and Type Use the ACL Configuration page to designate the name and type of an ACL Command Attributes Name Name of the ACL Maximum length 16 characters Type There are three filtering modes Standard IP...

Page 140: ... source IP address Use Any to include all possible addresses Host to specify a specific host address in the Address field or IP to specify a range of addresses with the Address and SubMask fields Options Any Host IP Default Any Address Source IP address SubMask A subnet mask containing four integers from 0 to 255 each separated by a period The mask uses 1 bits to indicate match and 0 bits to indic...

Page 141: ...ddress range 168 92 16 x 168 92 31 x using a bitmask Configuring an Extended IP ACL Command Attributes Action An ACL can contain either all permit rules or all deny rules Default Permit rules Src Dst IP Specifies the source or destination IP address Use Any to include all possible addresses Host to specify a specific host address in the Address field or IP to specify a range of addresses with the ...

Page 142: ...pecify the action i e Permit or Deny Specify the source and or destination addresses Select the address type Any Host or IP If you select Host enter a specific address If you select IP enter a subnet address and the mask for an address range Set any other required criteria such as service type protocol type or TCP control code Then click Add Figure 3 44 Configuring Extended IP ACLs CLI This exampl...

Page 143: ...st to any port Command Usage Each ACL can have up to 60 rules This switch supports ACLs for ingress filtering only However you can only bind one IP ACL to any port for ingress filtering In other words only one ACL can be bound to an interface Ingress IP ACL Command Attributes Port Fixed port or SFP module Range 1 30 IP Specifies the IP ACL to bind to a port IN ACL for ingress packets ACL Name Name...

Page 144: ...ring Management Access You can specify the client IP addresses that are allowed management access to the switch through the web interface SNMP or Telnet Command Usage The management interfaces are open to all IP addresses by default Once you add an entry to a filter list access to that interface is restricted to the specified addresses Console config interface ethernet 1 1 4 144 Console config if ...

Page 145: ... for different groups the switch will accept overlapping address ranges You cannot delete an individual address from a specified range You must delete the entire range and reenter the addresses You can delete an address range just by specifying the start address or by specifying both the start address and end address Command Attributes Web IP Filter Configures IP address es for the web group SNMP ...

Page 146: ...use the Port Information or Trunk Information pages to display the current connection status including link state speed duplex mode flow control and auto negotiation Field Attributes Web Name Interface label Type Indicates the port type 1000BASE T 1000BASE SX 1000BASE LX or 100BASE FX Admin Status Shows if the interface is enabled or disabled Oper Status Indicates if the link is Up or Down Console...

Page 147: ... if port is a trunk member Creation2 Shows if a trunk is manually configured or dynamically set via LACP 1 Port Information only 2 Trunk Information only Web Click Port Port Information or Trunk Information Figure 3 47 Port Status Information Field Attributes CLI Basic information Port type Indicates the port type 1000BASE T 1000BASE SX 1000BASE LX or 100BASE FX MAC address The physical layer addr...

Page 148: ...s half duplex operation 100full Supports 100 Mbps full duplex operation 1000full Supports 1000 Mbps full duplex operation Sym Transmits and receives pause frames for flow control FC Supports flow control Broadcast storm Shows if broadcast storm control is enabled or disabled Broadcast storm limit Shows the broadcast storm threshold 240 1488100 packets per second Flow control Shows if flow control ...

Page 149: ... none CLI This example shows the connection status for Port 5 Console show interfaces status ethernet 1 5 4 151 Information of Eth 1 5 Basic information Port type 100TX Mac address 00 30 f1 47 58 46 Configuration Name Port admin Up Speed duplex Auto Capabilities 10half 10full 100half 100full Broadcast storm Enabled Broadcast storm limit 500 packets second Flow control Disabled Lacp Disabled Port s...

Page 150: ... duplex mode Flow Control Allows automatic or manual selection of flow control Autonegotiation Port Capabilities Allows auto negotiation to be enabled disabled When auto negotiation is enabled you need to specify the capabilities to be advertised When auto negotiation is disabled you can force the settings for speed mode and flow control The following capabilities are supported 10half Supports 10 ...

Page 151: ...egrade overall performance for the segment attached to the hub Default Autonegotiation enabled Advertised capabilities for 1000BASE T 10half 10full 100half 100full 1000full 1000BASE SX LX LH 1000full Trunk Indicates if a port is a member of a trunk To create trunks and select port members see Creating Trunk Groups on page 3 106 Note Auto negotiation must be disabled before you can configure or for...

Page 152: ...onfigured ports on another device You can configure any number of ports on the switch as LACP as long as they are not already configured as part of a static trunk If ports on another device are also configured as LACP the switch and the other device will negotiate a trunk link between them If an LACP trunk consists of more than eight ports all other ports will be placed in a standby mode Should on...

Page 153: ... configuring static trunks on switches of different types they must be compatible with the Cisco EtherChannel standard The ports at both ends of a trunk must be configured in an identical manner including communication mode i e speed duplex mode and flow control VLAN assignments and CoS settings All the ports in a trunk have to be treated as a whole when moved from to added or deleted from a VLAN ...

Page 154: ...red trunks Trunk ID Unit Port New Includes entry fields for creating new trunks Trunk Trunk identifier Range 1 6 Port Port identifier Range 1 30 Web Click Port Trunk Membership Enter a trunk ID of 1 6 in the Trunk field select any of the switch ports from the scroll down port list and click Add After you have completed adding ports to the member list click Apply Figure 3 49 Static Trunk Configurat...

Page 155: ...Console config interface ethernet 1 1 4 144 Console config if channel group 1 4 164 Console config if exit Console config interface ethernet 1 2 Console config if channel group 1 Console config if end Console show interfaces status port channel 1 4 151 Information of Trunk 1 Basic information Port type 1000T Mac address 00 00 E8 AA AA 01 Configuration Name Port admin Up Speed duplex Auto Capabilit...

Page 156: ...f one of the active links fails All ports on both ends of an LACP trunk must be configured for full duplex and auto negotiation Command Attributes Member List Current Shows configured trunks Port New Includes entry fields for creating new trunks Port Port identifier Range 1 30 Web Click Port LACP Configuration Select any of the switch ports from the scroll down port list and click Add After you ha...

Page 157: ...he port channel admin key lacp admin key page 4 169 is Console config interface ethernet 1 1 4 144 Console config if lacp 4 164 Console config if exit Console config interface ethernet 1 6 Console config if lacp Console config if end Console show interfaces status port channel 1 4 151 Information of Trunk 1 Basic information Port type 1000T Mac address 22 22 22 22 22 2d Configuration Name Port adm...

Page 158: ... system priority to join the same LAG System priority is combined with the switch s MAC address to form the LAG identifier This identifier is used to indicate a specific LAG during LACP negotiations with other systems Admin Key The LACP administration key must be set to the same value for ports that belong to the same LAG Range 0 65535 Default 1 Port Priority If a link goes down LACP port priority...

Page 159: ...ptionally configure these settings for the Port Partner Be aware that these settings only affect the administrative state of the partner and will not take effect until the next time an aggregate link is formed with this device After you have completed setting the port LACP parameters click Apply Figure 3 51 LACP Aggregation Port Configuration ...

Page 160: ...le config if lacp actor system priority 3 Console config if lacp actor admin key 120 Console config if lacp actor port priority 512 Console config if end Console sh lacp sysid 4 171 Channel Group System Priority System MAC Address 1 32768 00 00 E9 31 31 31 2 32768 00 00 E9 31 31 31 3 32768 00 00 E9 31 31 31 4 32768 00 00 E9 31 31 31 5 32768 00 00 E9 31 31 31 6 32768 00 00 E9 31 31 31 Console show ...

Page 161: ...LACPDUs Unknown Pkts Number of frames received that either 1 Carry the Slow Protocols Ethernet Type value but contain an unknown PDU or 2 are addressed to the Slow Protocols group MAC Address but do not carry the Slow Protocols Ethernet Type LACPDUs Illegal Pkts Number of frames that carry the Slow Protocols Ethernet Type value but contain a badly formed PDU or an illegal value of Protocol Subtype...

Page 162: ...LACPDUs Sent 21 LACPDUs Received 21 Marker Sent 0 Marker Received 0 LACPDUs Unknown Pkts 0 LACPDUs Illegal Pkts 0 Console Table 3 9 LACP Settings Field Description Oper Key Current operational value of the key for the aggregation port Admin Key Current administrative value of the key for the aggregation port LACPDUs Internal Number of seconds before invalidating received LACPDU information LACP Sy...

Page 163: ...on this link is enabled i e collection is currently enabled and is not expected to be disabled in the absence of administrative changes or changes in received protocol information Synchronization The System considers this link to be IN_SYNC i e it has been allocated to the correct Link Aggregation Group the group has been associated with a compatible Aggregator and the identity of the Link Aggrega...

Page 164: ...ACP configuration settings and operational state for the local side of port channel 1 Console show 1 lacp internal 4 171 Channel group 1 Oper Key 4 Admin Key 0 Eth 1 1 LACPDUs Internal 30 sec LACP System Priority 32768 LACP Port Priority 32768 Admin Key 4 Oper Key 4 Admin State defaulted aggregation long timeout LACP activity Oper State distributing collecting synchronization aggregation long time...

Page 165: ...trative value of the port number for the protocol Partner Partner Oper Port Number Operational port number assigned to this aggregation port by the port s protocol partner Port Admin Priority Current administrative value of the port priority for the protocol partner Port Oper Priority Priority value assigned to this aggregation port by the partner Admin Key Current administrative value of the Key ...

Page 166: ...ote side of port channel 1 Console show 1 lacp neighbors 4 171 Channel group 1 neighbors Eth 1 1 Partner Admin System ID 32768 00 00 00 00 00 00 Partner Oper System ID 32768 00 00 00 00 00 01 Partner Admin Port Number 1 Partner Oper Port Number 1 Port Admin Priority 32768 Port Oper Priority 32768 Admin Key 0 Oper Key 4 Admin State defaulted distributing collecting synchronization long timeout Oper...

Page 167: ...ast traffic for each port Any broadcast packets exceeding the specified threshold will then be dropped Command Usage Broadcast Storm Control is enabled by default Broadcast control does not effect IP multicast traffic The specified threshold applies to all ports on the switch Command Attributes Threshold Threshold as percentage of port bandwidth Options 240 1488100 packets per second Default 500 p...

Page 168: ...Console config interface ethernet 1 1 4 144 Console config if no switchport broadcast 4 157 Console config if exit Console config broadcast packet rate 500 4 156 Console config exit Console show interfaces switchport ethernet 1 2 4 154 Information of Eth 1 2 Broadcast threshold Enabled 500 packets second Lacp status Disabled Ingress rate limit disable 1000M bits per second VLAN membership mode Hyb...

Page 169: ...ffic may be dropped from the monitor port All mirror sessions have to share the same destination port When mirroring port traffic the target port must be included in the same VLAN as the source port Command Attributes Mirror Sessions Displays a list of current mirror sessions Source Port The port whose traffic will be monitored Range 1 30 Type Allows you to select which traffic to mirror to the ta...

Page 170: ...aximum rate for traffic received on an interface Rate limiting is configured on interfaces at the edge of a network to limit traffic coming into the switch Packets that exceed the acceptable amount of traffic are dropped Rate limiting can be applied to individual ports or trunks When an interface is configured with this feature the traffic rate will be monitored by the hardware to verify conformit...

Page 171: ...led Rate Limit Level Sets the rate limit level Web Click Port Rate Limit Input Port Configuration Enable the Rate Limit Status for the required interfaces set the Rate Limit Level and click Apply Figure 3 57 Configuring Input Port Rate Limiting CLI This example sets the rate limit for input traffic passing through port 3 Console config interface ethernet 1 3 4 144 Console config if rate limit inpu...

Page 172: ... the last system reboot and are shown as counts per second Statistics are refreshed every 60 seconds by default Note RMON groups 2 3 and 9 can only be accessed using SNMP management software such as SMC EliteView or HP OpenView Statistical Values Table 3 11 Port Statistics Parameter Description Interface Statistics Received Octets The total number of octets received on the interface including fram...

Page 173: ...requested be transmitted to a subnetwork unicast address including those that were discarded or not sent Transmit Multicast Packets The total number of packets that higher level protocols requested be transmitted and which were addressed to a multicast address at this sub layer including those that were discarded or not sent Transmit Broadcast Packets The total number of packets that higher level ...

Page 174: ...itted frames for which transmission is inhibited by exactly one collision Internal MAC Transmit Errors A count of frames for which transmission on a particular interface fails due to an internal MAC sublayer transmit error Multiple Collision Frames A count of successfully transmitted frames for which transmission is inhibited by more than one collision Carrier Sense Errors The number of times that...

Page 175: ...mber of collisions on this Ethernet segment Received Frames The total number of frames bad broadcast and multicast received Broadcast Frames The total number of good frames received that were directed to the broadcast address Note that this does not include multicast packets Multicast Frames The total number of good frames received that were directed to this multicast address CRC Alignment Errors ...

Page 176: ... and had either an FCS or alignment error 64 Bytes Frames The total number of frames including bad packets received and transmitted that were 64 octets in length excluding framing bits but including FCS octets 65 127 Byte Frames 128 255 Byte Frames 256 511 Byte Frames 512 1023 Byte Frames 1024 1518 Byte Frames 1519 1536 Byte Frames The total number of frames including bad packets received and tran...

Page 177: ...PORT CONFIGURATION 3 131 Figure 3 59 Displaying Etherlike and RMON Statistics ...

Page 178: ...stats Octets input 868453 Octets output 3492122 Unicast input 7315 Unitcast output 6658 Discard input 0 Discard output 0 Error input 0 Error output 0 Unknown protos input 0 QLen output 0 Extended iftable stats Multi cast input 0 Multi cast output 17027 Broadcast input 231 Broadcast output 7 Ether like stats Alignment errors 0 FCS errors 0 Single Collision frames 0 Multiple collision frames 0 SQE T...

Page 179: ... of a device mapped to this interface VLAN ID of configured VLAN 1 4093 Web Only Web Click Address Table Static Addresses Specify the interface the MAC address and VLAN then click Add Static Address Figure 3 60 Mapping Ports to Static Addresses CLI This example adds an address to the static address table but sets it to be deleted when the switch is reset Console config mac address table static 00 ...

Page 180: ...ddress are forwarded directly to the associated port Otherwise the traffic is flooded to all ports Command Attributes Interface Indicates a port or trunk MAC Address Physical address associated with this interface VLAN ID of configured VLAN 1 4093 Address Table Sort Key You can sort the information displayed based on MAC address VLAN or interface port or trunk Dynamic Address Counts The number of ...

Page 181: ...isplaying the MAC Dynamic Address Table CLI This example also displays the address table entries for port 1 Changing the Aging Time You can set the aging time for entries in the dynamic address table Command Attributes Aging Status Enables disables the function Console show mac address table interface ethernet 1 1 4 178 Interface Mac Address Vlan Type Eth 1 1 00 E0 29 94 34 DE 1 Permanent Eth 1 1 ...

Page 182: ...rovide backup links between switches bridges or routers This allows the switch to interact with other bridging devices that is an STA compliant switch bridge or router in your network to ensure that only one route exists between any two stations on the network and provide backup links which automatically take over when a primary link goes down The spanning tree algorithms supported by this switch ...

Page 183: ...e therefore only forwarded between root ports and designated ports eliminating any possible network loops Once a stable network topology has been established all bridges listen for Hello BPDUs Bridge Protocol Data Units transmitted from the Root Bridge If a bridge does not get a Hello BPDU after a predefined interval Maximum Age the bridge assumes that the link to the Root Bridge is down This brid...

Page 184: ...ch using the STA Information screen Field Attributes Spanning Tree State Shows if the switch is enabled to participate in an STA compliant network Bridge ID A unique identifier for this bridge consisting of the bridge priority and MAC address where the address is taken from the switch system Max Age The maximum time in seconds a device can wait without receiving a configuration message before atte...

Page 185: ...vice of the Spanning Tree network Root Path Cost The path cost from the root port on this switch to the root device Configuration Changes The number of times the Spanning Tree has been reconfigured Last Topology Change Time since the Spanning Tree was last reconfigured These additional parameters are only displayed for the CLI Spanning tree mode Specifies the type of spanning tree used on this swi...

Page 186: ...e discarding to learning to forwarding This delay is required because every device must receive information about topology changes before it starts to forward frames In addition each port needs time to listen for conflicting information that would make it return to a discarding state otherwise temporary data loops might result Transmission limit The minimum interval between the transmission of con...

Page 187: ...ay be inadvertently disabled to prevent network loops thus isolating group members When operating multiple VLANs we recommend selecting the MSTP option Rapid Spanning Tree Protocol RSTP supports connections to either STP or RSTP nodes by monitoring the incoming protocol messages and dynamically adjusting Console show spanning tree 4 202 Spanning tree information Spanning tree mode RSTP Spanning tr...

Page 188: ...anning tree instance can exist only on bridges that have compatible VLAN instance assignments Be careful when switching between spanning tree modes Changing modes stops all spanning tree instances for the previous mode and restarts the system in the new mode temporarily disrupting user traffic Command Attributes Basic Configuration of Global Settings Spanning Tree State Enables disables STA on thi...

Page 189: ...figuration messages at regular intervals Any port that ages out STA information provided in the last configuration message becomes the designated port for the attached LAN If it is a root port a new root port is selected from among the device ports attached to the network References to ports in this section mean interfaces which includes both ports and trunks Default 20 Minimum The higher of 6 or ...

Page 190: ...cified by setting the minimum interval between the transmission of consecutive protocol messages Range 1 10 Default 3 Configuration Settings for MSTP Max Instance Numbers The maximum number of MSTP instances to which this switch can be assigned Default 65 Region Revision The revision for this MSTI Range 0 65535 Default 0 The MST name and revision number are both required to uniquely identify an MS...

Page 191: ... config spanning tree priority 40000 4 187 Console config spanning tree hello time 5 4 185 Console config spanning tree max age 38 4 186 Console config spanning tree forward time 20 4 184 Console config spanning tree pathcost method long 4 187 Console config spanning tree transmission limit 4 4 188 Console config Console config spanning tree mst configuration 4 189 Console config mstp revision 1 4...

Page 192: ...es learning addresses The rules defining port status are A port on a network segment with no other STA compliant bridging device is always forwarding If two ports of a switch are connected to the same segment and there is no other STA device attached to this segment the port with the smaller ID forwards packets and the other is discarding All ports are discarding when the switch is booted then som...

Page 193: ...f a BPDU is received indicating that another bridge is attached to this port Port Role Roles are assigned according to whether the port is part of the active topology connecting the bridge to the root bridge i e root port connecting a LAN through the bridge to the root bridge i e designated port or is an alternate or backup port that may provide connectivity if other bridges bridge ports or LANs f...

Page 194: ...ity used for this port in the Spanning Tree Algorithm If the path cost for all ports on a switch is the same the port with the highest priority i e lowest value will be configured as an active link in the Spanning Tree This makes a port with higher priority less likely to be blocked if the Spanning Tree Algorithm is detecting network loops Where more than one port is assigned the highest priority ...

Page 195: ...uired to rebuild address tables during reconfiguration events does not cause the spanning tree to reconfigure when the interface changes state and also overcomes other STA related timeout problems However remember that Edge Port should only be enabled for ports connected to an end node device Admin Link Type The link type attached to this interface Point to Point A connection to exactly one other ...

Page 196: ...nt connection or shared media connection and edge port to indicate if the attached device can support fast forwarding Console show spanning tree ethernet 1 5 4 202 Eth 1 5 information Admin status enable Role disable State discarding External path cost 10000 Internal path cost 10000 Priority 128 Designated cost 200000 Designated port 128 5 Designated root 61440 0 0000E9313131 Designated bridge 614...

Page 197: ...ing Port forwards packets and continues learning addresses Trunk Indicates if a port is a member of a trunk STA Port Configuration only The following interface attributes can be configured Spanning Tree Enables disables STA on this interface Default Enabled Priority Defines the priority used for this port in the Spanning Tree Protocol If the path cost for all ports on a switch are the same the por...

Page 198: ...r bridge Shared A connection to two or more bridges Auto The switch automatically determines if the interface is attached to a point to point link or to shared media This is the default setting Admin Edge Port Fast Forwarding You can enable this option if an interface is attached to a LAN segment that is at the end of a bridged LAN or to an end node Since end nodes cannot cause forwarding loops th...

Page 199: ...ithm per Port CLI This example sets STA attributes for port 7 Configuring Multiple Spanning Trees MSTP generates a unique spanning tree for each instance This provides multiple pathways across the network thereby balancing the traffic load preventing wide scale disruption when a bridge node in a single instance fails and allowing for faster convergence of a new topology for the failed instance Con...

Page 200: ...ees 1 Set the spanning tree type to MSTP STA Configuration page 3 141 2 Enter the spanning tree priority for the selected MST instance MSTP VLAN Configuration 3 Add the VLANs that will share this MSTI MSTP VLAN Configuration Note All VLANs are automatically added to the IST Instance 0 To ensure that the MSTI maintains connectivity across the network you must configure a related set of bridges with...

Page 201: ...ributes displayed by the CLI for individual interfaces are described under Displaying Interface Settings page 3 146 Web Click Spanning Tree MSTP VLAN Configuration Select an instance identifier from the list set the instance priority and click Apply To add the VLAN members to an MSTI instance enter the instance identifier the VLAN identifier and click Add Figure 3 67 Configuring Multiple Spanning ...

Page 202: ...ax hops 20 Remaining hops 20 Designated Root 4096 2 0000E9313131 Current root port 0 Current root cost 0 Number of topology changes 0 Last topology changes time sec 646 Transmission limit 3 Path Cost Method long Eth 1 7 information Admin status enable Role disable State discarding External path cost 10000 Internal path cost 10000 Priority 128 Designated cost 0 Designated port 128 7 Designated root...

Page 203: ...utes MST Instance ID Instance identifier to configure Range 0 57 Default 0 Note The other attributes are described under Displaying Interface Settings page 3 146 Web Click Spanning Tree MSTP Port Information or Trunk Information Select the required MST instance to display the current spanning tree values Figure 3 68 Displaying MSTP Interface Settings Console config spanning tree mst configuration ...

Page 204: ...5 Root Hello Time sec 2 Root Max Age sec 20 Root Forward Delay sec 15 Max hops 20 Remaining hops 20 Designated Root 32768 0 0000ABCD0000 Current root port 1 Current root cost 200000 Number of topology changes 1 Last topology changes time sec 645 Transmission limit 3 Path Cost Method long Eth 1 1 information Admin status enable Role root State forwarding External path cost 100000 Internal path cost...

Page 205: ...ormation Port address table is cleared and the port begins learning addresses Forwarding Port forwards packets and continues learning addresses Trunk Indicates if a port is a member of a trunk STA Port Configuration only The following interface attributes can be configured MST Instance ID Instance identifier to configure Range 0 57 Default 0 Priority Defines the priority used for this port in the ...

Page 206: ...net 20 000 2 000 000 Gigabit Ethernet 2 000 200 000 Default Ethernet Half duplex 2 000 000 full duplex 1 000 000 trunk 500 000 Fast Ethernet Half duplex 200 000 full duplex 100 000 trunk 50 000 Gigabit Ethernet Full duplex 10 000 trunk 5 000 Web Click Spanning Tree MSTP Port Configuration or Trunk Configuration Enter the priority and path cost for an interface and click Apply Figure 3 69 MSTP Port...

Page 207: ...ut having to change any physical connections VLANs can be easily organized to reflect departmental groups such as Marketing or R D usage groups such as e mail or multicast groups used for multimedia applications such as videoconferencing VLANs provide greater network efficiency by reducing broadcast traffic and allow you to make network changes without having to update IP addresses or IP subnets V...

Page 208: ...rticipate in one or more VLANs but none of the intermediate network devices nor the host at the other end of the connection supports VLANs then you should add this port to the VLAN as an untagged port Note VLAN tagged frames can pass through VLAN aware or VLAN unaware network interconnection devices but the VLAN tags should be stripped off before passing it on to any end node host that does not su...

Page 209: ... switch can automatically learn the VLANs to which each end station should be assigned If an end station or its network adapter supports the IEEE 802 1Q VLAN protocol it can be configured to broadcast a message to your network indicating the VLAN groups it wants to join When this switch receives these messages it will automatically place the receiving port in the specified VLANs and then forward t...

Page 210: ...ached directly to a single switch you can assign ports to the same untagged VLAN However to participate in a VLAN group that crosses several switches you should create a VLAN for that group and enable tagging on all ports Ports can be assigned to multiple tagged VLANs but are only allowed one untagged VLAN Each port on the switch is capable of passing tagged or untagged frames When forwarding a fr...

Page 211: ...ured based on join messages issued by host devices and propagated throughout the network GVRP must be enabled to permit automatic VLAN registration and to support VLANs which extend beyond the local switch Default Disabled Web Click VLAN 802 1Q VLAN GVRP Status Enable or disable GVRP and click Apply Figure 3 70 Enabling GVRP Status CLI This example enables GVRP for the switch Displaying Basic VLAN...

Page 212: ...and whether or not the port supports VLAN tagging Ports assigned to a large VLAN group that crosses several switches should use VLAN tagging However if you just want to create a small port based VLAN for one or two switches you can disable tagging Command Attributes Web VLAN ID ID of configured VLAN 1 4093 Console show bridge ext 4 225 Max support VLAN numbers 256 Max support VLAN ID 4093 Extended...

Page 213: ... 802 1Q VLAN Current Table Select any ID from the scroll down list Figure 3 72 Displaying VLAN Information by Port Membership Command Attributes CLI VLAN ID of configured VLAN 1 4093 no leading zeroes Type Shows how this VLAN was added to the switch Dynamic Automatically learned via GVRP Static Added as a static entry Name Name of the VLAN 1 to 32 characters Status Shows if this VLAN is enabled or...

Page 214: ...w VLAN group The VLAN name is only used for management on this system it is not added to the VLAN tag VLAN ID ID of configured VLAN 1 4093 no leading zeroes VLAN Name Name of the VLAN 1 to 32 characters Status Web Enables or disables the specified VLAN Enable VLAN is operational Disable VLAN is suspended i e does not pass packets State CLI Enables or disables the specified VLAN Active VLAN is oper...

Page 215: ...lick Add Figure 3 73 Creating Virtual LANs CLI This example creates a new VLAN Console config vlan database 4 205 Console config vlan vlan 2 name R D media ethernet state active 4 206 Console config vlan end Console show vlan 4 215 VLAN Type Name Status Ports Channel groups 1 Static DefaultVlan Active Eth1 1 Eth1 2 Eth1 3 Eth1 4 Eth1 5 Eth1 6 Eth1 7 Eth1 8 Eth1 9 Eth1 10 Eth1 11 Eth1 12 Eth1 13 Et...

Page 216: ...d ports to a VLAN as tagged members 2 VLAN 1 is the default untagged VLAN containing all ports on the switch and can only be modified by first reassigning the default port VLAN ID as described under Configuring VLAN Behavior for Interfaces on page 3 173 Command Attributes VLAN ID of configured VLAN 1 4093 no leading zeroes Name Name of the VLAN 1 to 32 characters Status Enables or disables the spe...

Page 217: ...g the VLAN via GVRP For more information see Automatic VLAN Registration on page 3 163 None Interface is not a member of the VLAN Packets associated with this VLAN will not be transmitted by the interface Trunk Member Indicates if a port is a member of a trunk To add a trunk to the selected VLAN use the last table on the VLAN Static Table page Web Click VLAN 802 1Q VLAN Static Table Select a VLAN ...

Page 218: ...LAN Static Membership Select an interface from the scroll down box Port or Trunk Click Query to display membership information for the interface Select a VLAN ID and then click Add to add the interface as a tagged member or click Remove to remove the interface After configuring VLAN membership for each interface click Apply Console config interface ethernet 1 1 4 144 Console config if switchport a...

Page 219: ...ay for switches to exchange VLAN information in order to automatically register VLAN members on interfaces across the network GARP Group Address Registration Protocol is used by GVRP to register or deregister client attributes for client services within a bridged LAN The default values for the GARP timers are independent of the media access method or data rate These values should not be changed un...

Page 220: ...s always enabled Default Enabled Ingress filtering only affects tagged frames If a port receives frames tagged for VLANs for which it is not a member these frames will be discarded Ingress filtering does not affect VLAN independent BPDU frames such as GVRP or STP However they do affect VLAN dependent BPDU frames such as GMRP GVRP Status Enables disables GVRP for the interface GVRP must be globally...

Page 221: ... VLAN membership mode for an interface Default Hybrid 1Q Trunk Specifies a port as an end point for a VLAN trunk A trunk is a direct link between two switches so the port transmits tagged frames that identify the source VLAN However note that frames belonging to the port s default VLAN i e associated with the PVID are also transmitted as tagged frames Hybrid Specifies a hybrid VLAN interface The p...

Page 222: ...sets the GARP timers and then sets the switchport mode to hybrid Console config interface ethernet 1 3 4 144 Console config if switchport acceptable frame types tagged 4 209 Console config if switchport ingress filtering 4 211 Console config if switchport native vlan 3 4 212 Console config if switchport gvrp 4 226 Console config if garp timer join 20 4 227 Console config if garp timer leave 90 Con...

Page 223: ...ternet while the community or isolated ports provide restricted access to local users Multiple primary VLANs can be configured on this switch and multiple community VLANs can be associated with each primary VLAN One or more isolated VLANs can also be configured Note that private VLANs and normal VLANs can exist simultaneously within the same switch To configure primary secondary associated groups ...

Page 224: ...isolated VLAN Displaying Current Private VLANs The Private VLAN Information page displays information on the private VLANs configured on the switch including primary community and isolated VLANs and their assigned interfaces Command Attributes VLAN ID ID of configured VLAN 1 4093 and VLAN type Primary VLAN The VLAN with which the selected VLAN ID is associated A primary VLAN displays its own ID a ...

Page 225: ...ed as a host ports and are associated with VLAN 6 This means that traffic for port 4 and 5 can only pass through port 3 Configuring Private VLANs The Private VLAN Configuration page is used to create remove primary community or isolated VLANs Command Attributes VLAN ID ID of configured VLAN 1 4093 Type There are three types of private VLANs Console show vlan private vlan 4 153 Primary Secondary Ty...

Page 226: ...configured VLANs Web Click VLAN Private VLAN Configuration Enter the VLAN ID number select Primary Isolated or Community type then click Add To remove a private VLAN from the switch highlight an entry in the Current list box and then click Remove Note that all member ports must be removed from the VLAN before it can be deleted Figure 3 78 Private VLAN Configuration CLI This example configures VLAN...

Page 227: ...iation Select the required primary VLAN from the scroll down box highlight one or more community VLANs in the Non Association list box and click Add to associate these entries with the selected primary VLAN A community VLAN can only be associated with one primary VLAN Figure 3 79 Private VLAN Association CLI This example associates community VLANs 6 and 7 with primary VLAN 5 Console config vlan da...

Page 228: ...ed port that can only communicate with the lone promiscuous port within its own isolated VLAN Promiscuous A promiscuous port can communicate with all the interfaces within a private VLAN Primary VLAN Conveys traffic between promiscuous ports and between promiscuous ports and community ports within the associated secondary VLANs Community VLAN A community VLAN conveys traffic between community port...

Page 229: ...es Use the Private VLAN Port Configuration and Private VLAN Trunk Configuration menus to set the private VLAN interface type and assign the interfaces to a private VLAN Command Attributes Port Trunk The switch interface PVLAN Port Type Sets private VLAN port types Normal The port is not assigned in a private VLAN Host The port is a community port or an isolated port A community port can communicat...

Page 230: ... ports to their designated promiscuous ports Set PVLAN Port Type to Host and then specify the associated Community VLAN Isolated VLAN Conveys traffic only between the VLAN s isolated ports and the promiscuous port Traffic between isolated ports within the VLAN is blocked Set the PVLAN Port Type to Host then specify an isolated VLAN by marking the check box for an Isolated VLAN and selecting the re...

Page 231: ...Protocol VLAN Configuration menu to create or remove protocol VLANs Command Attributes Protocol Group IP Protocol Group ID assigned to the Protocol VLAN Group Range 1 2147483647 Frame Type Ethernet frame type Protocol Type The options for Ethernet frame type includes IPV4 IPV6 ARP or RARP Console config interface ethernet 1 3 Console config if switchport mode private vlan promiscuous 4 208 Console...

Page 232: ...t Configuration menu to set the protocol VLAN settings per port Command Attributes Interface Port or Trunk indentifier Protocol Group ID Protocol Group ID assigned to the Protocol VLAN Group Range 1 2147483647 VLAN ID VLAN to which matching protocol traffic is forwarded Range 1 4093 Web Click VLAN Protocol VLAN Port Configuration Figure 3 83 Protocol VLAN Port Configuration ...

Page 233: ...d then sorted into the appropriate priority queue at the output port Command Usage This switch provides eight priority queues for each port It uses Weighted Round Robin to prevent head of queue blockage The default priority applies for an untagged frame received on a port set to accept all frame types i e receives both untagged and tagged frames This priority does not apply to IEEE 802 1Q VLAN tag...

Page 234: ...ct or Weighted Round Robin WRR Up to eight separate traffic Console config interface ethernet 1 3 4 144 Console config if switchport priority default 5 4 230 Console config if end Console show interfaces switchport ethernet 1 3 4 154 Information of Eth 1 3 Broadcast threshold Enabled 500 packets second LACP status Disabled Ingress rate limit enable K bits per second 25 VLAN membership mode Hybrid ...

Page 235: ...its application traffic for your own network Command Attributes Interface Select port or trunk identifier Priority CoS value Range 0 7 where 7 is the highest priority Traffic Class Output queue buffer Range 0 7 where 7 is the highest CoS priority queue CLI shows Queue ID Table 3 12 Egress Queue Priority Mapping Queue 0 1 2 3 4 5 6 7 Priority 2 0 1 3 4 5 6 7 Table 3 13 CoS Priority Levels Priority ...

Page 236: ...assignments to a one to one mapping Note Mapping specific values for CoS priorities is implemented as an interface configuration command but any changes will apply to the all interfaces on the switch Console config interface ethernet 1 1 4 144 Console config queue cos map 0 0 4 234 Console config queue cos map 1 1 Console config queue cos map 2 2 Console config exit Console show queue cos map ethe...

Page 237: ...ents the head of line blocking that can occur with strict priority queuing Command Attributes WRR Weighted Round Robin shares bandwidth at the egress ports by using scheduling weights 1 2 4 6 8 10 12 14 for queues 0 through 7 respectively This is the default selection Strict Services the egress queues in sequential order transmitting all traffic in the higher priority queues before servicing lower...

Page 238: ...ues and thereby to the corresponding traffic priorities This weight sets the frequency at which each queue will be polled for service and subsequently affects the response time for software applications assigned a specific priority value Command Attributes WRR Setting Table Displays a list of weights for each traffic class i e queue Weight Value Set a new weight for the selected traffic class Rang...

Page 239: ...fic then sent to the corresponding output queue Because different priority information may be contained in the traffic this switch maps priority values to the output queues in the following manner The precedence for priority mapping is IP DSCP Priority and then Default Port Priority Selecting IP DSCP Priority The switch allows you to enable or disable IP DSCP priority Command Attributes Enabled En...

Page 240: ... is six bits wide allowing coding for up to 64 different forwarding behaviors The DSCP retains backward compatibility with the three precedence bits so that non DSCP compliant will not conflict with the DSCP mapping Based on network policies different kinds of traffic can be marked for different kinds of forwarding The DSCP default values are defined in the following table Note that all the DSCP v...

Page 241: ...rity and 7 represent high priority Note IP DSCP settings apply to all interfaces Web Click Priority IP DSCP Priority Select an entry from the DSCP table enter a value in the Class of Service Value field then click Apply Figure 3 89 Mapping IP DSCP Priority to Class of Service Values Table 3 14 Mapping DSCP Priority IP DSCP Value CoS Value 0 0 8 1 10 12 14 16 2 18 20 22 24 3 26 28 30 32 34 36 4 38 ...

Page 242: ...g an ACL rule as shown in the following table Note that the specified CoS value is only used to map the matching packet to an output queue it is not written to the packet itself For information on mapping the CoS values to output queues see page 3 188 Console config map ip dscp 4 237 Console config interface ethernet 1 1 4 144 Console config if map ip dscp 1 cos 0 4 238 Console config if end Conso...

Page 243: ...lays the configured information For information on configuring ACLs see page 3 92 Web Click Priority ACL CoS Priority Enable mapping for any port select an ACL from the scroll down list then click Apply CLI This example assigns a CoS value of zero to packets matching rules within the specified ACL on port 24 Console config interface ethernet 1 24 4 144 Console config if map access list ip bill cos...

Page 244: ...assed on to the hosts which subscribed to this service This switch uses IGMP Internet Group Management Protocol to query for any attached hosts that want to receive a specific multicast service It identifies the ports containing hosts requesting to join the service and sends data out to those ports only It then propagates the service request up to any neighboring multicast switch router to ensure ...

Page 245: ...appropriate interfaces within the switch Static IGMP Host Interface For multicast applications that you need to control more carefully you can manually assign a multicast service to specific interfaces on the switch page 3 205 Configuring IGMP Snooping and Query Parameters You can configure the switch to forward multicast traffic intelligently Based on the IGMP query and report messages the switch...

Page 246: ...is is also referred to as IGMP Snooping Default Enabled Act as IGMP Querier When enabled the switch can serve as the Querier which is responsible for asking hosts if they want to receive multicast traffic Default Enabled IGMP Query Count Sets the maximum number of queries issued for which there has been no response before the switch takes action to drop a client from the multicast group Range 2 10...

Page 247: ...his example modifies the settings for multicast filtering and then displays the current status Console config ip igmp snooping 4 241 Console config ip igmp snooping querier 4 245 Console config ip igmp snooping query count 10 4 246 Console config ip igmp snooping query interval 100 4 247 Console config ip igmp snooping query max response time 20 4 247 Console config ip igmp snooping query time out...

Page 248: ...on the switch You can use the Multicast Router Port Information page to display the ports on this switch attached to a neighboring multicast router switch for each VLAN ID Command Attributes VLAN ID ID of configured VLAN 1 4093 Multicast Router List Multicast routers dynamically discovered by this switch or those that are statically assigned to an interface on this switch Web Click IGMP Snooping M...

Page 249: ...ensure that multicast traffic is passed to all the appropriate interfaces within the switch Command Attributes Interface Activates the Port or Trunk scroll down list VLAN ID Selects the VLAN to propagate all multicast traffic coming from the attached multicast router Port or Trunk Specifies the interface attached to a multicast router Web Click IGMP Snooping Static Multicast Router Port Configurat...

Page 250: ...up Port List Shows the interfaces that have already been assigned to the selected VLAN to propagate a specific multicast service Web Click IGMP Snooping IP Multicast Registration Table Select a VLAN ID and the IP address for a multicast service from the scroll down lists The switch will display all the interfaces that are propagating this multicast service Figure 3 93 Displaying Port Members of Mu...

Page 251: ...t add all the ports attached to participating hosts to a common VLAN and then assign the multicast service to that VLAN group Command Usage Static multicast addresses are never aged out When a multicast address is assigned to an interface in a specific VLAN the corresponding traffic can only be forwarded to ports within that VLAN Command Attribute Interface Activates the Port or Trunk scroll down ...

Page 252: ...er you have completed adding ports to the member list click Apply Figure 3 94 Specifying Multicast Port Membership CLI This example assigns a multicast address to VLAN 1 and then displays all the known multicast services supported on VLAN 1 Console config ip igmp snooping vlan 1 static 224 1 1 12 ethernet 1 12 4 242 Console config exit Console show mac address table multicast vlan 1 4 244 VLAN M c...

Page 253: ...ge To enable DNS service on this switch first configure one or more name servers and then enable domain lookup status To append domain names to incomplete host names received from a DNS client i e not formatted with dotted notation you can specify a default domain name or a list of domain names to be tried in sequential order If there is no domain list the default domain name is used If there is a...

Page 254: ...haracters Domain Name List Defines define a list of domain names that can be appended to incomplete host names Range 1 64 alphanumeric characters Name Server List Specifies the address of one or more domain name servers to use for name to address resolution Range 1 6 IP addresses Web Click DNS General Configuration Set the default domain name or list of domain names specify one or more name server...

Page 255: ...ons via multiple IP addresses If more than one IP address is associated with a host name in the static table or via information returned from a name server a DNS client can try each address in succession until it establishes a connection with the target device Command Attributes Host Name Name of a host device that is mapped to one or more IP addresses Range 1 64 characters Console config ip domai...

Page 256: ...es then click Add Figure 3 96 Mapping IP Addresses to a Host Name CLI This example maps two address to a host name Displaying the DNS Cache You can display entries in the DNS cache that have been learned via the designated name servers Console config ip host rd5 192 168 1 55 10 1 0 55 Console config ip host rd6 10 1 0 55 Console show host Hostname rd5 Inet address 192 168 1 55 10 1 0 55 Console ...

Page 257: ...d ALIAS which specifies multiple domain names which are mapped to the same IP address as an existing entry IP The IP address associated with this record TTL The time to live reported by the name server Domain The domain name associated with this record Web Click DNS Cache Figure 3 97 Displaying the DNS Cache CLI This example displays all the resource records learned from the designated name server...

Page 258: ...CONFIGURING THE SWITCH 3 212 ...

Page 259: ... on a UNIX system Console Connection To access the switch through the console port perform these steps 1 At the console prompt enter the user name and password The default user names are admin and guest with corresponding passwords of admin and guest When the administrator user name and password is entered the CLI displays the Console prompt and enters privileged access mode i e Privileged Exec Bu...

Page 260: ... address for the switch and set the default gateway if you are managing the switch from a different IP subnet For example If your corporate network is connected to another network outside your office or to the Internet you need to apply for a registered IP address However if you are attached to an isolated network then you can use any IP address that matches the network segment to which you are at...

Page 261: ...et command the login screen displays Note You can open up to four sessions to the device via Telnet Entering Commands This section describes how to enter CLI commands Keywords and Arguments A CLI command is a series of keywords and arguments Keywords identify a command and arguments specify configuration parameters For example in the command show interfaces status ethernet 1 5 show interfaces and ...

Page 262: ... CLI will accept a minimum number of characters that uniquely identify a command For example the command configure can be entered as con If an entry is ambiguous the system will prompt for further input Command Completion If you terminate input with a Tab key the CLI will print the remaining characters of a partial keyword up to the point of ambiguity In the logging history example typing log foll...

Page 263: ... interfaces Interface information ip IP information lacp LACP statistics line TTY line information log Login records logging Login setting mac address table Configuration of the address table management Management IP filter map Maps priority port Port characteristics public key Public key information queue Priority queue information radius server RADIUS server information running config Informatio...

Page 264: ...mmand will log system messages to a host server To disable logging specify the no logging command This guide describes the negation effect for all applicable commands Using Command History The CLI maintains a history of commands that have been entered You can scroll back through the history of commands by pressing the up arrow key Any command displayed in the history list can be executed again or ...

Page 265: ...n you open a new console session on the switch with the user name and password guest the system enters the Normal Exec command mode or guest mode displaying the Console command prompt Only a limited number of the commands are available in this mode You can access all commands only from the Privileged Exec command mode or administrator mode To access Privilege Exec mode open a new console session w...

Page 266: ...ing config startup config command The configuration commands are organized into different modes Global Configuration These commands modify the system level configuration and include commands such as hostname and snmp server community Access Control List Configuration These commands are used for packet filtering Interface Configuration These commands modify the port configuration such as speed dupl...

Page 267: ...the configuration prompt type one of the following commands Use the exit or end command to return to the Privileged Exec mode For example you can use the following commands to enter interface configuration mode and then return to Privileged Exec mode Console configure Console config Table 4 2 Configuration Commands Mode Command Prompt Page Line line console vty Console config line 4 13 Access Cont...

Page 268: ...ne Ctrl B Shifts cursor to the left one character Ctrl C Terminates the current task and displays the command prompt Ctrl E Shifts cursor to end of command line Ctrl F Shifts cursor to the right one character Ctrl K Deletes all characters from the cursor to the end of the line Ctrl L Repeats current command line on a new line Ctrl N Enters the next command line in the history buffer Ctrl P Enters ...

Page 269: ...on access using local or remote authentication also configures port security and IEEE 802 1X port access control 4 90 Access Control List Provides filtering for IP frames based on address protocol TCP UDP port number or TCP control code or non IP frames based on MAC address or Ethernet type 4 112 SNMP Activates authentication failure traps configures community access strings and trap managers also...

Page 270: ...panning Tree Configures Spanning Tree settings for the switch 4 180 VLANs Configures VLAN settings and defines port membership for VLAN groups also enables or configures private VLANs 4 204 GVRP and Bridge Extension Configures GVRP settings that permit automatic VLAN learning shows the configuration for the bridge extension MIB 4 224 Priority Sets port priority for untagged frames selects strict p...

Page 271: ...Sets the interval that the command interpreter waits until user input is detected LC 4 18 password thresh Sets the password intrusion threshold which limits the number of failed logon attempts LC 4 19 silent time These commands only apply to the serial port Sets the amount of time the management console is inaccessible after the number of unsuccessful logon attempts exceeds the threshold set by th...

Page 272: ...net Default Setting There is no default line Command Mode Global Configuration Command Usage Telnet is considered a virtual terminal connection and will be shown as Vty in screen displays such as show users However the serial communication parameters e g databits do not affect Telnet connections Example To enter console line mode enter the following command Related Commands show line 4 24 show use...

Page 273: ... by the password line configuration command When using this method the management interface starts in Normal Exec NE mode login local selects authentication via the user name and password specified by the username command i e default setting When using this method the management interface starts in Normal Exec NE or Privileged Exec PE mode depending on the user s privilege level 0 or 15 respective...

Page 274: ...nection is started on a line with password protection the system prompts for the password If you enter the correct password the system shows a prompt You can use the password thresh command to set the number of times a user can enter an incorrect password before the system terminates the line connection and returns the terminal to the idle state The encrypted password is required for compatibility...

Page 275: ...ault Setting CLI Disabled 0 seconds Telnet 600 seconds Command Mode Line Configuration Command Usage If a login attempt is not detected within the timeout interval the connection is terminated for the session This command applies to both the local console and Telnet connections The timeout for Telnet cannot be disabled Using the command without specifying a timeout restores the default setting Exa...

Page 276: ...tting CLI No timeout Telnet 10 minutes Command Mode Line Configuration Command Usage If user input is detected within the timeout interval the session is kept open otherwise the session is terminated This command applies to both the local console and Telnet connections The timeout for Telnet cannot be disabled Using the command without specifying a timeout restores the default setting Example To s...

Page 277: ...s Command Mode Line Configuration Command Usage When the logon attempt threshold is reached the system interface becomes silent for a specified amount of time before allowing the next logon attempt Use the silent time command to set this interval When this threshold is reached for Telnet the Telnet logon interface shuts down This command applies to both the local console and Telnet connections Exa...

Page 278: ...e console response Range 0 65535 0 no silent time Default Setting The default value is no silent time Command Mode Line Configuration Example To set the silent time to 60 seconds enter this command Related Commands password thresh 4 19 databits This command sets the number of data bits per character that are interpreted and generated by the console port Use the no form to restore the default value...

Page 279: ...data bits per character If no parity is required specify 8 data bits per character Example To specify 7 data bits enter this command Related Commands parity 4 21 parity This command defines the generation of a parity bit Use the no form to restore the default setting Syntax parity none even odd no parity none No parity even Even parity odd Odd parity Default Setting No parity Command Mode Line Con...

Page 280: ... speed bps no speed bps Baud rate in bits per second Options 9600 19200 38400 57600 115200 bps or auto Default Setting auto Command Mode Line Configuration Command Usage Set the speed to match the baud rate of the device connected to the serial port Some baud rates available on devices connected to the port might not be supported The system indicates if the speed you selected is not supported If y...

Page 281: ... bits Default Setting 1 stop bit Command Mode Line Configuration Example To specify 2 stop bits enter this command disconnect Use this command to terminate an SSH Telnet or console connection Syntax disconnect session id session id The session identifier for an SSH Telnet or console connection Range 0 4 Command Mode Privileged Exec Console config line speed 57600 Console config line Console config...

Page 282: ...disconnect an SSH or Telnet connection Example Related Commands show ssh 4 53 show users 4 80 show line This command displays the terminal line s parameters Syntax show line console vty console Console terminal line vty Virtual terminal for remote console access i e Telnet Default Setting Shows all lines Command Mode Normal Exec Privileged Exec Console disconnect 1 Console ...

Page 283: ...onsole Table 4 6 General Commands Command Function Mode Page enable Activates privileged mode NE 4 26 disable Returns to normal mode from privileged mode PE 4 27 configure Activates global configuration mode PE 4 27 show history Shows the command history buffer NE PE 4 28 reload Restarts the system PE 4 29 end Returns to Privileged Exec mode any config mode 4 29 exit Returns to the previous config...

Page 284: ...ls 0 Normal Exec 15 Privileged Exec Enter level 15 to access Privileged Exec mode Default Setting Level 15 Command Mode Normal Exec Command Usage super is the default password required to change the command mode from Normal Exec to Privileged Exec To set this password see the enable password command on page 4 35 The character is appended to the end of the prompt to indicate that the system is in p...

Page 285: ...r is appended to the end of the prompt to indicate that the system is in normal access mode Example Related Commands enable 4 26 configure This command activates Global Configuration mode You must enter this mode to modify any settings on the switch You must also enter Global Configuration mode prior to enabling some of the other configuration modes including Interface Configuration Line Configura...

Page 286: ...xec Command Usage The history buffer size is fixed at 10 Execution commands and 10 Configuration commands Example In this example the show history command lists the contents of the command history buffer Console configure Console config Console show history Execution command history 2 config 1 show history Configuration command history 4 interface vlan 1 3 exit 2 interface vlan 1 1 end Console ...

Page 287: ...This command restarts the system Note When the system is restarted it will always run the Power On Self Test It will also retain all configuration information stored in non volatile memory by the copy running config startup config command Default Setting None Command Mode Privileged Exec Command Usage This command resets the entire system Example This example shows how to reset the switch end This...

Page 288: ...tion mode exit This command returns to the previous configuration mode or exit the configuration program Default Setting None Command Mode Any Example This example shows how to return to the Privileged Exec mode from the Global Configuration mode and then quit the CLI session quit This command exits the configuration program Default Setting None Console config if end Console Console config exit Co...

Page 289: ... Table 4 7 System Management Commands Command Group Function Page Device Designation Configures information that uniquely identifies this switch 4 32 User Access Configures the basic user names and passwords for management access 4 33 IP Filter Configures IP addresses that are allowed management access 4 36 Web Server Enables management access via a web browser 4 38 Telnet Server Enables managemen...

Page 290: ...tion System Status Displays system configuration active managers and version information 4 75 Frame Size Enables support for jumbo frames 4 81 Table 4 8 Device Designation Commands Command Function Mode Page prompt Customizes the prompt used in PE and NE mode GC 4 32 hostname Specifies the host name for the switch GC 4 33 snmp server contact Sets the system contact string GC 4 127 snmp server loca...

Page 291: ...ent access are listed in this section This switch also includes other options for password checking via the console or a Telnet connection page 4 13 user authentication via a remote authentication server page 4 90 and host access authentication for specific ports page 4 103 Console config prompt RD2 RD2 config Console config hostname RD 1 Console config Table 4 9 User Access Commands Command Funct...

Page 292: ...um users 16 access level level Specifies the user level The device has two predefined privilege levels 0 Normal Exec 15 Privileged Exec nopassword No password is required for this user to log in 0 7 0 means plain password 7 means encrypted password password password The authentication password for the user Maximum length 8 characters plain text 32 encrypted case sensitive Default Setting The defau...

Page 293: ...rivileged Exec level from the Normal Exec level Use the no form to reset the default password Syntax enable password level level 0 7 password no enable password level level level level Level 15 for Privileged Exec Levels 0 14 are not used 0 7 0 means plain password 7 means encrypted password password password for this privilege level Maximum length 8 characters plain text 32 encrypted case sensiti...

Page 294: ...ious protocols Use the no form to restore the default setting Syntax no management all client http client snmp client telnet client start address end address all client Adds IP address es to the SNMP web and Telnet groups http client Adds IP address es to the web group snmp client Adds IP address es to the SNMP group telnet client Adds IP address es to the Telnet group start address A single IP ad...

Page 295: ...or the same group i e SNMP web or Telnet the switch will not accept overlapping address ranges When entering addresses for different groups the switch will accept overlapping address ranges You cannot delete an individual address from a specified range You must delete the entire range and reenter the addresses You can delete an address range just by specifying the start address or by specifying bo...

Page 296: ...w management all client Management Ip Filter Http Client Start ip address End ip address 1 192 168 1 19 192 168 1 19 2 192 168 1 25 192 168 1 30 Snmp Client Start ip address End ip address 1 192 168 1 19 192 168 1 19 2 192 168 1 25 192 168 1 30 Telnet Client Start ip address End ip address 1 192 168 1 19 192 168 1 19 2 192 168 1 25 192 168 1 30 Console Table 4 12 Web Server Command Command Functio...

Page 297: ...ting 80 Command Mode Global Configuration Example Related Commands ip http server 4 39 ip http server This command allows this device to be monitored or configured from a browser Use the no form to disable this function Syntax no ip http server ip http secure server Enables HTTPS SSL for encrypted communications GC 4 40 ip http secure port Specifies the UDP port number for HTTPS SSL GC 4 41 Consol...

Page 298: ...onnection to the switch s web interface Use the no form to disable this function Syntax no ip http secure server Default Setting Enabled Command Mode Global Configuration Command Usage Both HTTP and HTTPS service can be enabled independently on the switch However you cannot configure the HTTP and HTTPS servers to use the same UDP port If you enable HTTPS you must indicate this in the URL that you ...

Page 299: ...ting systems currently support HTTPS To specify a secure site certificate see Replacing the Default Secure site Certificate on page 3 73 Also refer to the copy command on page 4 83 Example Related Commands ip http secure port 4 41 copy tftp https certificate 4 83 ip http secure port This command specifies the UDP port number used for HTTPS SSL connection to the switch s web interface Use the no fo...

Page 300: ...de Global Configuration Command Usage You cannot configure the HTTP and HTTPS servers to use the same port If you change the HTTPS port number clients attempting to connect to the HTTPS server must specify the port number in the URL in this format https device port_number Example Related Commands ip http secure server 4 40 Console config ip http secure port 1000 Console config ...

Page 301: ...port This command specifies the TCP port number used by the Telnet interface Use the no form to use the default port Syntax no ip telnet port port number port number The TCP port to be used by the browser interface Range 1 65535 Table 4 14 Telnet Server Commands Command Function Mode Page ip telnet server Allows the switch to be monitored or configured from Telnet GC 4 43 ip telnet port Specifies ...

Page 302: ... Berkley remote access tools SSH can also provide remote management access to this switch as a secure replacement for Telnet When a client contacts the switch via the SSH protocol the switch uses a public key that the client must match along with a local user name and password for access authentication SSH also encrypts all data transfers passing between the switch and SSH enabled management stati...

Page 303: ... the SSH server GC 4 48 ip ssh authentication retries Specifies the number of retries allowed by a client GC 4 49 ip ssh server key size Sets the SSH server key size GC 4 50 copy tftp public key Copies the user s public key from a TFTP server to the switch PE 4 83 delete public key Deletes the public key for the specified user PE 4 50 ip ssh crypto host key generate Generates the host key PE 4 51 ...

Page 304: ...82 59566410486957427888146206 519417467729848654686157177393901647793559423035774130980227370877945452408397 1752646358058176716709574804776117 3 Import Client s Public Key to the Switch Use the copy tftp public key command to copy a file containing the public key for all the SSH client s granted management access to the switch Note that these clients must be configured locally on the switch with ...

Page 305: ...switch uses the public key to encrypt a random sequence of bytes and sends this string to the client d The client uses its private key to decrypt the bytes and sends the decrypted bytes back to the switch e The switch compares the decrypted bytes to the original bytes it sent If the two sets match this means that the client s private key corresponds to an authorized public key and the client is au...

Page 306: ... 56 bit or 3DES 168 bit for data encryption You must generate the host key before enabling the SSH server Example Related Commands ip ssh crypto host key generate 4 51 show ssh 4 53 ip ssh timeout This command configures the timeout for the SSH server Use the no form to restore the default setting Syntax ip ssh timeout seconds no ip ssh timeout seconds The timeout for client response during SSH ne...

Page 307: ...53 ip ssh authentication retries This command configures the number of times the SSH server attempts to reauthenticate a user Use the no form to restore the default setting Syntax ip ssh authentication retries count no ip ssh authentication retries count The number of authentication attempts permitted after which the interface is reset Range 1 5 Default Setting 3 Command Mode Global Configuration ...

Page 308: ...ion Command Usage The server key is a private key that is never shared outside the switch The host key is shared with the SSH client and is fixed at 1024 bits Example delete public key This command deletes the specified user s public key Syntax delete public key username dsa rsa username Name of an SSH user Range 1 8 characters dsa DSA public key type rsa RSA public key type Default Setting Delete...

Page 309: ... RAM Use the ip ssh save host key command to save the host key pair to flash memory Some SSH client programs automatically add the public key to the known hosts file as part of the configuration process Otherwise you must manually create a known hosts file and place the host public key in it The SSH server uses this host key to negotiate a session key and encryption method with the client trying t...

Page 310: ... the host key from volatile memory RAM Use the no ip ssh save host key command to clear the host key from flash memory The SSH server must be disabled before you can execute this command Example Related Commands ip ssh crypto host key generate 4 51 ip ssh save host key 4 52 no ip ssh server 4 47 ip ssh save host key This command saves the host key from RAM to flash memory Syntax ip ssh save host k...

Page 311: ...e SSH server Command Mode Privileged Exec Example show ssh This command displays the current SSH server connections Command Mode Privileged Exec Example Console ip ssh save host key dsa Console Console show ip ssh SSH Enabled version 1 99 Negotiation timeout 120 secs Authentication retries 3 Server key size 768 bits Console Console show ssh Connection Version State Username Encryption 0 2 0 Sessio...

Page 312: ...DES Options for SSHv2 0 can include different algorithms for the client to server ctos and server to client stoc aes128 cbc hmac sha1 aes192 cbc hmac sha1 aes256 cbc hmac sha1 3des cbc hmac sha1 blowfish cbc hmac sha1 aes128 cbc hmac md5 aes192 cbc hmac md5 aes256 cbc hmac md5 3des cbc hmac md5 blowfish cbc hmac md5 Terminology DES Data Encryption Standard 56 bit key 3DES Triple DES Uses three ite...

Page 313: ...ng is the encoded modulus Example Console show public key host Host RSA 1024 65537 1568499540186766925933394677505461732531367489083654725415020245593 199868544358361651999923329781766065830958610825913212890233765468017262725714 134287629413011961955667825956641048695742788814620651941746772984865468615717 739390164779355942303577413098022737087794545240839717526463580581767167095748 04776117 DSA...

Page 314: ...that are stored Table 4 17 Event Logging Commands Command Function Mode Page logging on Controls logging of error messages GC 4 56 logging history Limits syslog messages saved to switch memory based on severity GC 4 57 logging host Adds a syslog server host IP address that will receive logging messages GC 4 58 logging facility Sets the facility type for remote logging of syslog messages GC 4 59 lo...

Page 315: ... on power reset level One of the levels listed below Messages sent include the selected level down to level 0 Range 0 7 Console config logging on Console config Table 4 18 Logging Levels Level Severity Name Description 7 debugging Debugging messages 6 informational Informational messages only 5 notifications Normal but significant condition such as cold start 4 warnings Warning conditions e g retu...

Page 316: ...erver host IP address that will receive logging messages Use the no form to remove a syslog server host Syntax no logging host host_ip_address host_ip_address The IP address of a syslog server Default Setting None Command Mode Global Configuration 1 alerts Immediate action needed 0 emergencies System unusable Console config logging history ram 0 Console config Table 4 18 Logging Levels Continued L...

Page 317: ...pe A number that indicates the facility used by the syslog server to dispatch log messages to an appropriate service Range 16 23 Default Setting 23 Command Mode Global Configuration Command Usage The command specifies the facility type tag sent in syslog messages See RFC 3164 This type has no effect on the kind of messages reported by the switch However it may be used by the syslog server to sort ...

Page 318: ...ogging trap level One of the level arguments listed below Messages sent include the selected level up through level 0 Refer to the table on page 4 57 Default Setting Disabled Level 7 0 Command Mode Global Configuration Command Usage Using this command with a specified level enables remote logging and sets the minimum severity level to be saved Using this command without a specified level also enab...

Page 319: ...nds show log 4 63 show logging This command displays the configuration settings for logging messages to local switch memory to an SMTP event handler or to a remote syslog server Syntax show logging flash ram sendmail trap flash Displays settings for storing event messages in flash memory i e permanent memory ram Displays settings for storing event messages in temporary RAM i e memory flushed on po...

Page 320: ...M level debugging Console Table 4 19 show logging flash ram display description Field Description Syslog logging Shows if system logging has been enabled via the logging on command History logging in FLASH The message level s reported based on the logging history command History logging in RAM The message level s reported based on the logging history command Console show logging trap Syslog loggin...

Page 321: ...how logging trap display description Field Description Syslog logging Shows if system logging has been enabled via the logging on command REMOTELOG status Shows if remote logging has been enabled via the logging trap command REMOTELOG facility type The facility type for remote logging of syslog messages as specified in the logging facility command REMOTELOG level type The severity threshold for sy...

Page 322: ...tification level 6 module 5 function 1 and event no 1 Console Table 4 21 SMTP Alert Commands Command Function Mode Page loggingsendmailhost Specifies SMTP servers that will be sent alert messages GC 4 65 logging sendmail level Sets the severity threshold used to trigger alert messages GC 4 66 logging sendmail source email Sets the email address used for From field of alert messages GC 4 66 logging...

Page 323: ...mmand to specify each server To send email alerts the switch first opens a connection sends all the email alerts waiting in the queue one by one and finally closes the connection To open a connection the switch first selects the server that successfully sent mail during the last connection or the first server configured by this command If it fails to send mail the switch selects the next server in...

Page 324: ...ates an event threshold All events at this level or higher will be sent to the configured email recipients For example using Level 7 will report all events from level 7 to level 0 Example This example will send email alerts for system errors from level 3 through 0 logging sendmail source email This command sets the email address used for the From field in alert messages Syntax logging sendmail sou...

Page 325: ...s of alert messages Use the no form to remove a recipient Syntax no logging sendmail destination email email address email address The source email address used in alert messages Range 1 41 characters Default Setting None Command Mode Global Configuration Command Usage You can specify up to five recipients for alert messages However you must enter a separate command to specify each recipient Examp...

Page 326: ...tion Example show logging sendmail This command displays the settings for the SMTP event handler Command Mode Normal Exec Privileged Exec Example Console config logging sendmail Console config Console show logging sendmail SMTP servers 192 168 1 19 SMTP minimum severity level 7 SMTP destination email addresses ted this company com SMTP source email address bill this company com SMTP status Enabled...

Page 327: ... servers specified with the sntp servers command Use the no form to disable SNTP client requests Syntax no sntp client Default Setting Disabled Command Mode Global Configuration Table 4 22 Time Commands Command Function Mode Page sntp client Accepts time from specified time servers GC 4 69 sntp server Specifies one or more time servers GC 4 69 sntp poll Sets the interval at which the client polls ...

Page 328: ...lated Commands sntp client 4 69 sntp poll 4 71 show sntp 4 72 sntp server This command sets the IP address of the servers to which SNTP time requests are issued Use the this command with no arguments to clear all time servers from the current list Syntax sntp server ip1 ip2 ip3 ip IP address of an time server NTP or SNTP Range 1 3 addresses Default Setting None Console config sntp server 10 1 0 19...

Page 329: ...d on the interval set via the sntp poll command Example Related Commands Related Commands 4 70 sntp poll 4 71 show sntp 4 72 sntp poll This command sets the interval between sending time requests when the switch is set to SNTP client mode Use the no form to restore to the default Syntax sntp poll seconds no sntp poll seconds Interval between time requests Range 16 16384 seconds Default Setting 16 ...

Page 330: ...mple clock timezone This command sets the time zone for the switch s internal clock Syntax clock timezone name hour hours minute minutes before utc after utc name Name of timezone usually an acronym Range 1 29 characters hours Number of hours before after UTC Range 1 13 hours minutes Number of minutes before after UTC Range 0 59 minutes before utc Sets the local time zone before east of UTC after ...

Page 331: ...st after of UTC Example Related Commands show sntp 4 72 calendar set This command sets the system clock It may be used if there is no time server on your network or if you have not configured the switch to receive signals from a time server Syntax calendar set hour min sec day month year month day year hour Hour in 24 hour format Range 0 23 min Minute Range 0 59 sec Second Range 0 59 day Day of mo...

Page 332: ...le shows how to set the system clock to 15 12 34 February 1st 2002 show calendar This command displays the system clock Default Setting None Command Mode Normal Exec Privileged Exec Example Console calendar set 15 12 34 1 February 2002 Console Console show calendar 15 12 34 February 1 2002 Console ...

Page 333: ...de group is separated by symbols and includes the configuration mode command and corresponding commands This command displays the following information SNMP community strings Users names and access levels VLAN database VLAN ID name and state VLAN configuration settings for each interface Table 4 23 System Status Commands Command Function Mode Page show running config Displays the configuration dat...

Page 334: ...tion information currently in use Default Setting None Command Mode Privileged Exec Console show startup config building startup config please wait username admin access level 15 username admin password 0 admin username guest access level 0 username guest password 0 guest enable password level 15 0 super snmp server community public ro snmp server community private rw vlan database vlan 1 name Def...

Page 335: ...group is separated by symbols and includes the configuration mode command and corresponding commands This command displays the following information SNMP community strings Users names access levels and encrypted passwords VLAN database VLAN ID name and state VLAN configuration settings for each interface Multiple spanning tree instances name and interfaces IP address configured for the switch Span...

Page 336: ...community private rw username admin access level 15 username admin password 7 21232f297a57a5a743894a0e4a801fc3 username guest access level 0 username guest password 7 084e0343a0486ff05530df6c705c8bb4 enable password level 15 7 1b3231655cebb7a1f783eddf27d254ca vlan database vlan 1 name DefaultVlan media ethernet state active interface ethernet 1 1 switchport allowed vlan add 1 untagged switchport n...

Page 337: ...ystem System description SMC8728L2 L2 GE Switch System OID string 1 3 6 1 4 1 202 20 58 System information System Up time 0 days 2 hours 3 minutes and 47 49 seconds System Name R D 5 System Location WC 9 System Contact Geoff MAC address unit1 00 30 F1 DF 9C A0 Web server enable Web server port 80 Web secure server enable Web secure server port 443 Telnet server enable Telnet server port 23 Jumbo F...

Page 338: ... e session index number Example show version This command displays hardware and software version information for the system Default Setting None Console show users Username accounts Username Privilege Public Key admin 15 None guest 0 None steve 15 RSA Online users Line Username Idle time h m s Remote IP addr 0 console admin 0 14 14 1 VTY 0 admin 0 00 00 192 168 1 19 2 SSH 1 steve 0 00 06 192 168 1...

Page 339: ... for jumbo frames Use the no form to disable it Syntax no jumbo frame Default Setting Disabled Console show version Unit 1 Serial number A429048179 Hardware version R01 EPLD version 15 15 Number of ports 48 Main power status up Redundant power status not present Agent master Unit ID 1 Loader version 1 0 1 3 Boot ROM version 1 0 1 4 Operation code version 1 0 0 4 Console Table 4 24 Frame Size Comma...

Page 340: ...nation end nodes such as a computer or server must support this feature Also when the connection is operating at full duplex all switches in the network between the two end nodes must be able to accept the extended frame size And for half duplex connections all devices in the collision domain would need to support jumbo frames Enabling jumbo frames will limit the maximum threshold for broadcast st...

Page 341: ...config file startup config tftp copy startup config file running config tftp copy tftp file running config startup config https certificate public key copy unit file file Keyword that allows you to copy to from a file running config Keyword that allows you to copy to from the current running configuration startup config The configuration used for system initialization tftp Keyword that allows you ...

Page 342: ...itch Valid characters A Z a z 0 9 _ Due to the size limit of the flash memory the switch supports only two operation code files The maximum number of user defined configuration files depends on available memory You can use Factory_Default_Config cfg as the source to copy from the factory default configuration file but you cannot use it as the destination To replace the startup configuration you mu...

Page 343: ...file name startup TFTP server ip address 10 1 0 99 Destination file name startup 01 TFTP completed Success Console Console copy running config file destination file name startup Write to FLASH Programming Write to FLASH finish Success Console Console copy tftp startup config TFTP server ip address 10 1 0 99 Source configuration file name startup 01 Startup configuration file name startup Write to ...

Page 344: ...figuration file or image name unit Stack unit Range 1 8 Default Setting None Command Mode Privileged Exec Command Usage If the file type is used for system startup then this file cannot be deleted Factory_Default_Config cfg cannot be deleted A colon is required after the specified unit number Console copy tftp public key TFTP server IP address 192 168 1 19 Choose public key type 1 RSA 2 DSA 1 2 1 ...

Page 345: ...x dir unit boot rom config opcode filename The type of file or image to display includes boot rom Boot ROM or diagnostic image file config Switch configuration file opcode Run time operation code image file filename Name of the file or image If this file exists but contains errors information on this file cannot be shown unit Stack unit Range 1 8 Default Setting None Command Mode Privileged Exec C...

Page 346: ...ichboot unit unit Stack unit Range 1 8 Default Setting None Table 4 26 File Directory Information Column Heading Description file name The name of the file file type File types Boot Rom Operation Code and Config file startup Shows if this file is used when the system is started size The length of the file in bytes Console dir file name file type startup size byte Unit1 diag_0060 Boot Rom image Y 1...

Page 347: ... of file or image to set as a default includes boot rom Boot ROM config Configuration file opcode Run time operation code filename Name of the configuration file or image name unit Stack unit Range 1 8 The colon is required Default Setting None Command Mode Global Configuration Command Usage A colon is required after the specified file type If the file contains an error it cannot be set as the def...

Page 348: ...mmand Group Function Page Authentication Sequence Defines logon authentication method and precedence 4 90 RADIUS Client Configures settings for authentication via a RADIUS server 4 93 TACACS Client Configures settings for authentication via a TACACS server 4 98 Port Security Configures secure addresses for a port 4 100 Port Authentication Configures host authentication on specific ports using 802 ...

Page 349: ...pts only the password in the access request packet from the client to the server while TACACS encrypts the entire body of the packet RADIUS and TACACS logon authentication assigns a specific privilege level for each user name and password pair The user name password and privilege level must be configured on the authentication server You can specify three authentication methods in a single command ...

Page 350: ...US server password only tacacs Use TACACS server password Default Setting Local Command Mode Global Configuration Command Usage RADIUS uses UDP while TACACS uses TCP UDP only offers best effort delivery while TCP offers a connection oriented transport Also note that RADIUS encrypts only the password in the access request packet from the client to the server while TACACS encrypts the entire body of...

Page 351: ...entication protocol that uses software running on a central server to control access to RADIUS aware devices on the network An authentication server contains a database of multiple user name password pairs with associated privilege levels for each user or group that require management access to a switch Console config authentication enable radius Console config Table 4 29 RADIUS Client Commands Co...

Page 352: ...nce until a server responds or the retransmit period expires host_ip_address IP address of server host_alias Symbolic name of server Maximum length 20 characters port_number RADIUS server UDP port used for authentication messages Range 1 65535 timeout Number of seconds the switch waits for a reply before resending a request Range 1 65535 retransmit Number of times the switch will try to authentica...

Page 353: ... 1812 Command Mode Global Configuration Example radius server key This command sets the RADIUS encryption key Use the no form to restore the default Syntax radius server key key_string no radius server key key_string Encryption key used to authenticate logon access for client Do not use blank spaces in the string Maximum length 20 characters Console config radius server 1 host 192 168 1 20 port 18...

Page 354: ...ore the default Syntax radius server retransmit number_of_retries no radius server retransmit number_of_retries Number of times the switch will try to authenticate logon access via the RADIUS server Range 1 30 Default Setting 2 Command Mode Global Configuration Example Console config radius server key green Console config Console config radius server retransmit 5 Console config ...

Page 355: ...tch waits for a reply before resending a request Range 1 65535 Default Setting 5 Command Mode Global Configuration Example show radius server This command displays the current settings for the RADIUS server Default Setting None Command Mode Privileged Exec Example Console config radius server timeout 10 Console config Console show radius server Remote RADIUS server configuration Global settings Co...

Page 356: ...r host This command specifies the TACACS server Use the no form to restore the default Syntax tacacs server host host_ip_address no tacacs server host host_ip_address IP address of a TACACS server Default Setting 10 11 12 13 Command Mode Global Configuration Example Table 4 30 TACACS Client Commands Command Function Mode Page tacacs server host Specifies the TACACS server GC 4 98 tacacs server por...

Page 357: ...1 65535 Default Setting 49 Command Mode Global Configuration Example tacacs server key This command sets the TACACS encryption key Use the no form to restore the default Syntax tacacs server key key_string no tacacs server key key_string Encryption key used to authenticate logon access for the client Do not use blank spaces in the string Maximum length 20 characters Default Setting None Command Mo...

Page 358: ...eady stored in the dynamic or static address table for this port will be authorized to access the network The port will drop any incoming frames with a source MAC address that is unknown or has been previously learned from another port If a device with an unauthorized MAC address attempts to use the switch port the intrusion will be detected and the switch can automatically take action by disablin...

Page 359: ...take when port security is violated shutdown Disable port only trap Issue SNMP trap message only trap and shutdown Issue SNMP trap message and disable port max mac count address count The maximum number of MAC addresses that can be learned on a port Range 0 1024 where 0 means disabled Default Setting Status Disabled Action None Maximum Addresses 0 Command Mode Interface Configuration Ethernet Tabl...

Page 360: ...et the maximum number of addresses to the default You can also manually add secure addresses with the mac address table static command A secure port has the following restrictions Cannot use port monitoring Cannot be a multi VLAN port Cannot be connected to a network interconnection device Cannot be a trunk port If a port is disabled due to a security violation it must be manually re enabled using...

Page 361: ...t identity packet to the client before it times out the authentication session IC 4 105 dot1x port control Sets dot1x mode for a port interface IC 4 105 dot1x operation mode Allows single or multiple hosts on a dot1x port IC 4 106 dot1x re authenticate Forces re authentication on specific ports PE 4 107 dot1x re authentication Enables re authentication for all ports IC 4 107 dot1x timeout quiet pe...

Page 362: ... Syntax no dot1x system auth control Default Setting Disabled Command Mode Global Configuration Example dot1x default This command sets all configurable dot1x global and port settings to their default values Syntax dot1x default Command Mode Global Configuration Example Console config dot1x system auth control Console config Console config dot1x default Console config ...

Page 363: ... control This command sets the dot1x mode on a port interface Use the no form to restore the default Syntax dot1x port control auto force authorized force unauthorized no dot1x port control auto Requires a dot1x aware connected client to be authorized by the RADIUS server Clients that are not dot1x aware will be denied access force authorized Configures the port to grant access to all clients eith...

Page 364: ...ingle host Allows only a single host to connect to this port multi host Allows multiple host to connect to this port max count Keyword for the maximum number of hosts count The maximum number of hosts that can connect to a port Range 1 1024 Default 5 Default Single host Command Mode Interface Configuration Command Usage The max count parameter specified by this command is only effective if the dot...

Page 365: ... unit Always unit 1 port Port number Range 1 30 Command Mode Privileged Exec Example dot1x re authentication This command enables periodic re authentication globally for all ports Use the no form to disable re authentication Syntax no dot1x re authentication Command Mode Interface Configuration Example Console config interface eth 1 2 Console config if dot1x operation mode multi host max count 10 ...

Page 366: ...od seconds The number of seconds Range 1 65535 Default 60 seconds Command Mode Interface Configuration Example dot1x timeout re authperiod This command sets the time period after which a connected client must be re authenticated Syntax dot1x timeout re authperiod seconds no dot1x timeout re authperiod seconds The number of seconds Range 1 65535 Default 3600 seconds Command Mode Interface Configura...

Page 367: ...0 seconds Command Mode Interface Configuration Example show dot1x This command shows general port authentication related settings on the switch or a specific interface Syntax show dot1x statistics interface interface statistics Displays dot1x status for each port interface ethernet unit port unit Stack unit Always unit 1 port Port number Range 1 30 Console config interface eth 1 2 Console config i...

Page 368: ...thenticated page 4 108 quiet period Time a port waits after Max Request Count is exceeded before attempting to acquire a new client page 4 108 tx period Time a port waits during authentication session before re transmitting EAP packet page 4 109 supplicant timeout Supplicant timeout server timeout Server timeout reauth max Maximum number of reauthentication attempts max req Maximum number of times...

Page 369: ... Reauthentication State Machine State Current state including initialize reauthenticate Example Console show dot1x Global 802 1X Parameters system auth control enable 802 1X Port Summary Port Name Status Operation Mode Mode Authorized 1 1 disabled Single Host ForceAuthorized n a 1 2 disabled Single Host ForceAuthorized n a 1 25 disabled Single Host ForceAuthorized yes 1 26 enabled Single Host Auto...

Page 370: ...ne by one A packet will be accepted as soon as it matches a permit rule or dropped as soon as it matches a deny rule If no rules match for a list of all permit rules the packet is dropped and if no rules match for a list of all deny rules the packet is accepted There are three filtering modes Standard IP ACL mode STD ACL filters packets based on the source IP address Extended IP ACL mode EXT ACL f...

Page 371: ...s matched the implicit default is permit all IP ACLs Table 4 33 Access Control List Commands Command Groups Function Page IP ACLs Configure ACLs based on IP addresses TCP UDP port number protocol type and TCP control code 4 113 ACL Information Display ACLs and associated rules shows ACLs assigned to each port 4 122 Table 4 34 IP ACL Commands Command Function Mode Page access list ip Creates an IP ...

Page 372: ...cters Default Setting None Command Mode Global Configuration Command Usage An egress ACL must contain all deny rules When you create a new ACL or enter configuration mode for an existing ACL use the permit or deny command to add new rules to show ip access list Displays the rules for configured IP ACLs PE 4 117 ip access group Adds a port to an IP ACL IC 4 118 show ip access group Shows port assig...

Page 373: ...The rule sets a filter condition for packets emanating from the specified source Use the no form to remove a rule Syntax no permit deny any source bitmask host source any Any source IP address source Source IP address bitmask Decimal number representing the address bits to match host Keyword followed by a specific IP address Default Setting None Command Mode Standard ACL Command Usage New rules ar...

Page 374: ...tion IP addresses protocol types source or destination protocol ports or TCP control codes Use the no form to remove a rule Syntax no permit deny protocol number udp any source address bitmask host source any destination address bitmask host destination source port sport end destination port dport end no permit deny tcp any source address bitmask host source any destination address bitmask host de...

Page 375: ...ess for each IP packet entering the port s to which this ACL has been assigned Example This example accepts any incoming packets if the source address is within subnet 10 7 1 x For example if the rule is matched i e the rule 10 7 1 0 255 255 255 0 equals the masked address 10 7 1 2 255 255 255 0 the packet passes through This allows TCP packets from class C addresses 192 168 1 0 to any destination...

Page 376: ... This command binds a port to an IP ACL Use the no form to remove the port Syntax no ip access group acl_name in out acl_name Name of the ACL Maximum length 16 characters in Indicates that this list applies to ingress packets out Indicates that this list applies to egress packets Default Setting None Command Mode Interface Configuration Ethernet Command Usage A port can only be bound to one ACL Co...

Page 377: ...Commands ip access group 4 118 map access list ip This command sets the output queue for packets matching an ACL rule The specified CoS value is only used to map the matching packet to an output queue it is not written to the packet itself Use the no form to remove the CoS mapping Syntax no map access list ip acl_name cos cos value acl_name Name of the ACL Maximum length 16 characters cos value Co...

Page 378: ...queue cos map on 4 234 Example Related Commands queue cos map 4 234 show map access list ip 4 120 show map access list ip This command shows the CoS value mapped to an IP ACL for the current interface The CoS value determines the output queue for packets matching an ACL rule Syntax show map access list ip interface interface ethernet unit port unit Stack unit Always unit 1 Table 4 35 Egress Queue ...

Page 379: ...ST COMMANDS 4 121 port Port number Range 1 30 Command Mode Privileged Exec Example Related Commands map access list ip 4 119 Console show map access list ip Access list to COS of Eth 1 24 Access list ALS1 cos 0 Console ...

Page 380: ...ows all ACLs and associated rules PE 4 122 show access group Shows the ACLs assigned to each port PE 4 123 Console show access list IP standard access list david permit host 10 1 1 21 permit 168 92 0 0 0 0 15 255 IP extended access list bob permit 10 7 1 1 255 255 255 0 any permit 192 168 1 0 255 255 255 0 any destination port 80 80 permit 192 168 1 0 255 255 255 0 any protocol tcp control code 2 ...

Page 381: ...ult specify read and write access views for the MIB tree configure SNMP user groups with the required security model i e SNMP v1 v2c or v3 and security level i e authentication and privacy and then assign SNMP users to these groups along with their specific authentication and privacy passwords Console show access group Interface ethernet 1 25 IP standard access list david IP access list jerry Cons...

Page 382: ... GC 4 129 snmp server enable traps Enables the device to send SNMP traps i e SNMP notifications GC 4 132 snmp server engine id Sets the SNMPv3 engine ID GC 4 133 show snmp engine id Shows the SNMPv3 engine ID PE 4 134 snmp server view Adds an SNMPv3 view GC 4 135 show snmp view Shows the SNMPv3 views PE 4 136 snmp server group Adds an SNMPv3 group mapping users to views GC 4 137 show snmp group Sh...

Page 383: ...None Command Mode Normal Exec Privileged Exec Command Usage This command provides information on the community access strings counter information for SNMP input and output protocol data units and whether or not SNMP logging has been enabled with the snmp server enable traps command Console config snmp server Console config ...

Page 384: ...ead only 0 SNMP packets input 0 Bad SNMP version errors 0 Unknown community name 0 Illegal operation for community name supplied 0 Encoding errors 0 Number of requested variables 0 Number of altered variables 0 Get request PDUs 0 Get next PDUs 0 Set request PDUs 0 SNMP packets output 0 Too big errors 0 No such name errors 0 Bad values errors 0 General errors 0 Response PDUs 0 Trap PDUs SNMP loggin...

Page 385: ...stations are only able to retrieve MIB objects rw Specifies read write access Authorized management stations are able to both retrieve and modify MIB objects Default Setting public Read only access Authorized management stations are only able to retrieve MIB objects private Read write access Authorized management stations are able to both retrieve and modify MIB objects Command Mode Global Configu...

Page 386: ...on This command sets the system location string Use the no form to remove the location string Syntax snmp server location text no snmp server location text String that describes the system location Maximum length 255 characters Default Setting None Command Mode Global Configuration Example Related Commands snmp server contact 4 127 Console config snmp server contact Paul Console config Console con...

Page 387: ...eceipt Range 0 255 Default 3 seconds The number of seconds to wait for an acknowledgment before resending an inform message Range 0 2147483647 centiseconds Default 1500 centiseconds community string Password like community string sent with the notification operation to SNMP V1 and V2c hosts Although you can set this string using the snmp server host command by itself we recommend that you define t...

Page 388: ... least one snmp server enable traps command and the snmp server host command for that host must be enabled Some notification types cannot be controlled with the snmp server enable traps command For example some notification types are always enabled Notifications are issued by the switch as trap messages by default The recipient of a trap message does not send a response to the switch Traps are the...

Page 389: ...hat includes the required notify view page 4 137 6 Specify a remote engine ID where the user resides page 4 133 7 Then configure a remote user page 4 140 The switch can send SNMP version 1 2c or 3 notifications to a host IP address depending on the SNMP version that the management station supports If the snmp server host command does not specify the SNMP version the default is to send SNMP version...

Page 390: ...tion Command Usage If you do not enter an snmp server enable traps command no notifications controlled by this command are sent In order to configure this device to send SNMP notifications you must enter at least one snmp server enable traps command If you enter the command with no keywords both authentication and link up down notifications are enabled If you enter the command with a keyword only ...

Page 391: ...orm to restore the default Syntax snmp server engine id local remote ip address engineid string no snmp server engine id local remote address local Specifies the SNMP engine on this switch remote Specifies an SNMP engine on a remote device ip address The Internet address of the remote device engineid string String identifying the engine ID Range 1 26 hexadecimal characters Default Setting A unique...

Page 392: ... You therefore need to configure the remote agent s SNMP engine ID before you can send proxy requests or informs to it Trailing zeroes need not be entered to uniquely specify a engine ID In other words the value 1234 is equivalent to 1234 followed by 22 zeroes A local engine ID is automatically generated that is unique to the switch This is referred to as the default engine ID If the local engineI...

Page 393: ... an included view excluded Defines an excluded view Default Setting defaultview includes access to the entire MIB tree Console show snmp engine id Local SNMP engineID 8000002a8000000000e8666672 Local SNMP engineBoots 1 Remote SNMP engineID IP address 80000000030004e2b316c54321 192 168 1 19 Console Table 4 38 show snmp engine id display description Field Description Local SNMP engineID String ident...

Page 394: ...B 2 interfaces table ifDescr The wild card is used to select all the index values in this table This view includes the MIB 2 interfaces table and the mask selects all index entries show snmp view This command shows information on the SNMP views Command Mode Privileged Exec Console config snmp server view mib 2 1 3 6 1 2 1 included Console config Console config snmp server view ifEntry 2 1 3 6 1 2 ...

Page 395: ... with authentication and privacy See Simple Network Management Protocol on page 3 42 for further information about these authentication and encryption options Console show snmp view View Name mib 2 Subtree OID 1 2 2 3 6 2 1 View Type included Storage Type nonvolatile Row Status active View Name defaultview Subtree OID 1 View Type included Storage Type nonvolatile Row Status active Console Table 4 ...

Page 396: ... algorithm is used as specified in the snmp server user command When privacy is selected the DES 56 bit algorithm is used for data encryption For additional information on the notification messages supported by this switch see Supported Notification Messages on page 3 59 Also note that the authentication link up and link down messages are legacy traps and must therefore be enabled in conjunction w...

Page 397: ...aultview Write View none Notify View none Storage Type volatile Row Status active Group Name private Security Model v1 Read View defaultview Write View defaultview Notify View none Storage Type volatile Row Status active Group Name private Security Model v2c Read View defaultview Write View defaultview Notify View none Storage Type volatile Row Status active Console Table 4 40 show snmp group disp...

Page 398: ... ip address The Internet address of the remote device v1 v2c v3 Use SNMP version 1 2c or 3 encrypted Accepts the password as encrypted input auth Uses SNMPv3 with authentication md5 sha Uses MD5 or SHA authentication auth password Authentication password Enter as plain text if the encrypted option is not used Otherwise enter an encrypted password A minimum of eight characters is required priv des5...

Page 399: ... device where the user resides The remote agent s SNMP engine ID is used to compute authentication privacy digests from the user s password If the remote engine ID is not first configured the snmp server user command specifying a remote user will fail SNMP passwords are localized using the engine ID of the authoritative agent For informs the authoritative SNMP agent is the remote agent You therefo...

Page 400: ... Name mark Authentication Protocol mdt Privacy Protocol des56 Storage Type nonvolatile Row Status active Console Table 4 41 show snmp user display description Field Description EngineId String identifying the engine ID User Name Name of user connecting to the SNMP agent Authentication Protocol The authentication protocol used with SNMPv3 Privacy Protocol The privacy protocol used with SNMPv3 Stora...

Page 401: ...rface when autonegotiation is disabled IC 4 145 negotiation Enables autonegotiation of a given interface IC 4 146 capabilities Advertises the capabilities of a given interface for use in autonegotiation IC 4 147 flowcontrol Enables flow control on a given interface IC 4 148 shutdown Disables an interface IC 4 149 clear counters Clears statistics on an interface PE 4 150 show interfaces status Disp...

Page 402: ...30 port channel channel id Range 1 6 vlan vlan id Range 1 4093 Default Setting None Command Mode Global Configuration Example To specify port 24 enter the following command description This command adds a description to an interface Use the no form to remove the description Syntax description string no description string Comment or a description to help you remember what is attached to this interf...

Page 403: ...ll duplex operation 100half Forces 100 Mbps half duplex operation 10full Forces 10 Mbps full duplex operation 10half Forces 10 Mbps half duplex operation Default Setting Auto negotiation is enabled by default When auto negotiation is disabled the default speed duplex setting is 1000full for Gigabit Ethernet ports Command Mode Interface Configuration Ethernet Port Channel Command Usage To force ope...

Page 404: ... for a given interface Use the no form to disable autonegotiation Syntax no negotiation Default Setting Enabled Command Mode Interface Configuration Ethernet Port Channel Command Usage When auto negotiation is enabled the switch will negotiate the best settings for a link based on the capabilities command When auto negotiation is disabled you must manually specify the link attributes with the spee...

Page 405: ...n 100full Supports 100 Mbps full duplex operation 100half Supports 100 Mbps half duplex operation 10full Supports 10 Mbps full duplex operation 10half Supports 10 Mbps half duplex operation flowcontrol Supports flow control symmetric Gigabit only When specified the port transmits and receives pause frames when not specified the port will auto negotiate to determine the sender and receiver for asym...

Page 406: ...peed duplex 4 145 flowcontrol 4 148 flowcontrol This command enables flow control Use the no form to disable flow control Syntax no flowcontrol Default Setting Enabled Command Mode Interface Configuration Ethernet Port Channel Command Usage Flow control can eliminate frame loss by blocking traffic from end stations or segments connected directly to the switch when its buffers fill When enabled bac...

Page 407: ...l on a port connected to a hub unless it is actually required to solve a problem Otherwise back pressure jamming signals may degrade overall performance for the segment attached to the hub Example The following example enables flow control on port 5 Related Commands negotiation 4 146 capabilities flowcontrol symmetric 4 147 shutdown This command disables an interface To restart a disabled interfac...

Page 408: ...nterface interface ethernet unit port unit Stack unit Always unit 1 port Port number Range 1 30 port channel channel id Range 1 6 Default Setting None Command Mode Privileged Exec Command Usage Statistics are only initialized for a power reset This command sets the base value for displayed statistics to zero for the current management session However if you log out and back into the management int...

Page 409: ...k unit Always unit 1 port Port number Range 1 30 port channel channel id Range 1 6 vlan vlan id Range 1 4093 Default Setting Shows the status for all interfaces Command Mode Normal Exec Privileged Exec Command Usage If no interface is specified information on all interfaces is displayed For a description of the items displayed by this command see Displaying Connection Status on page 3 100 Console ...

Page 410: ...s ethernet 1 5 Information of Eth 1 5 Basic information Port type 1000T Mac address 00 30 F1 D4 73 A5 Configuration Name Port admin Up Speed duplex Auto Capabilities 10half 10full 100half 100full 1000full Broadcast storm Enabled Broadcast storm limit 500 packets second Flow control Disabled LACP Disabled Port security Disabled Max MAC count 0 Port security action None Media type None Current statu...

Page 411: ...064 Broadcast input 262 Broadcast output 1 Ether like stats Alignment errors 0 FCS errors 0 Single Collision frames 0 Multiple collision frames 0 SQE Test errors 0 Deferred transmissions 0 Late collisions 0 Excessive collisions 0 Internal mac transmit errors 0 Internal mac receive errors 0 Frame too longs 0 Carrier sense errors 0 Symbol errors 0 RMON stats Drop events 0 Octets 227208 Packets 3338 ...

Page 412: ...ged Exec Command Usage If no interface is specified information on all interfaces is displayed Example This example shows the configuration setting for port 24 Console show interfaces switchport ethernet 1 24 Broadcast threshold Enabled 500 packets second LACP status Enabled Ingress rate limit disable Level 30 VLAN membership mode Hybrid Ingress rule Enabled Acceptable frame type All frames Native...

Page 413: ...enabled Acceptable frame type Shows if acceptable VLAN frames include all types or tagged frames only page 4 209 Native VLAN Indicates the default Port VLAN ID page 4 212 Priority for untagged traffic Indicates the default priority for untagged frames page 4 229 GVRP status Shows if GARP VLAN Registration Protocol is enabled or disabled page 4 226 Allowed VLAN Shows the VLANs this interface has jo...

Page 414: ...ng 500 packets per second Command Mode Global Configuration Command Usage When broadcast traffic exceeds the specified threshold packets above that threshold are dropped The specified threshold value applies to all ports on the switch Table 4 44 Broadcast Commands Command Function Mode Page broadcast packet rate Configures the global threshold level GC 4 156 switchport broadcast Enables broadcast ...

Page 415: ...broadcast storm control on an interface Use the no form to disable broadcast storm control on an interface Syntax no switchport broadcast Default Setting Enabled Command Mode Interface Configuration Example The following shows how to disable broadcast storm control on an interface Console config broadcast packet rate 600 Console config if no switchport broadcast ...

Page 416: ...rt unit Stack unit Always unit 1 port Port number Range 1 30 rx Mirror received packets tx Mirror transmitted packets both Mirror both received and transmitted packets Default Setting No mirror session is defined When enabled the default mirroring is for both received and transmitted packets Command Mode Interface Configuration Ethernet destination port Table 4 45 Mirror Port Commands Command Func...

Page 417: ...s must share the same destination port However you should avoid sending too much traffic to the destination port from multiple source ports Example The following example configures the switch to mirror all packets from port 6 to 11 show port monitor This command displays mirror information Syntax show port monitor interface interface ethernet unit port source port unit Stack unit Always unit 1 por...

Page 418: ...y the hardware to verify conformity Non conforming traffic is dropped conforming traffic is forwarded without any changes rate limit This command defines the rate limit for a specific interface Use this command without specifying a rate to restore the default rate Use the no form to restore the default status of disabled Syntax rate limit input rate no rate limit input Console config interface eth...

Page 419: ...61 input Input rate rate Percentage Default Setting 100 percent Command Mode Interface Configuration Ethernet Port Channel Example Console config interface ethernet 1 1 Console config if rate limit input 600 Console config if ...

Page 420: ...perating at full duplex Table 4 47 Link Aggregation Commands Command Function Mode Page Manual Configuration Commands interfaceport channel Configures a trunk and enters interface configuration mode for the trunk GC 4 144 channel group Adds a port to a trunk IC Ethernet 4 164 Dynamic Configuration Commands lacp Configures LACP for the current interface IC Ethernet 4 164 lacp system priority Config...

Page 421: ...channel STP VLAN and IGMP settings can only be made for the entire trunk via the specified port channel Dynamically Creating a Port Channel Ports assigned to a common port channel must meet the following criteria Ports must have the same LACP system priority Ports must have the same port admin key Ethernet Interface If the port channel admin key lacp admin key Port Channel is not set when a channe...

Page 422: ...ic trunks the switches must comply with the Cisco EtherChannel standard Use no channel group to remove a port group from a trunk Use no interfaces port channel to remove a trunk from the switch Example The following example creates trunk 1 and then adds port 11 lacp This command enables 802 3ad Link Aggregation Control Protocol LACP for the current interface Use the no form to disable it Syntax no...

Page 423: ...ormed with another switch using LACP will automatically be assigned the next available port channel ID If the target switch has also enabled LACP on the connected ports the trunk will be activated automatically If more than eight ports attached to the same target switch have LACP enabled the additional ports will be placed in standby mode and will only be enabled if one of the active links fails ...

Page 424: ...11 Console config if lacp Console config if exit Console config interface ethernet 1 12 Console config if lacp Console config if end Console show interfaces status port channel 1 Information of Trunk 1 Basic information Port type 1000T Mac address 00 30 F1 D4 73 A4 Configuration Name Port admin Up Speed duplex Auto Capabilities 10half 10full 100half 100full 1000full Flow control Disabled Port secu...

Page 425: ...ode Interface Configuration Ethernet Command Usage Port must be configured with the same system priority to join the same LAG System priority is combined with the switch s MAC address to form the LAG identifier This identifier is used to indicate a specific LAG during LACP negotiations with other systems Once the remote side of a link has been established LACP operational settings are already in u...

Page 426: ...m priority matches 2 the LACP port admin key matches and 3 the LACP port channel admin key matches if configured If the port channel admin key lacp admin key Port Channel is not set when a channel group is formed i e it has the null value of 0 this key is set to the same value as the port admin key lacp admin key Ethernet Interface used by the interfaces that joined the group Once the remote side ...

Page 427: ... Command Usage Ports are only allowed to join the same LAG if 1 the LACP system priority matches 2 the LACP port admin key matches and 3 the LACP port channel key matches if configured If the port channel admin key lacp admin key Port Channel is not set when a channel group is formed i e it has the null value of 0 this key is set to the same value as the port admin key lacp admin key Ethernet Inte...

Page 428: ...ates a higher effective priority If an active port link goes down the backup port with the highest priority is selected to replace the downed link However if two or more ports have the same LACP port priority the port with the lowest physical port number will be selected as the backup port Once the remote side of a link has been established LACP operational settings are already in use on that side...

Page 429: ...messages internal Configuration settings and operational state for local side neighbors Configuration settings and operational state for remote side sys id Summary of system priority and MAC address for all channel groups Default Setting Port Channel all Command Mode Privileged Exec Example Console show lacp 1 counters Channel group 1 Eth 1 2 LACPDUs Sent 10 LACPDUs Receive 5 Marker Sent 0 Marker ...

Page 430: ...s group MAC Address but do not carry the Slow Protocols Ethernet Type LACPDUs Illegal Pkts Number of frames that carry the Slow Protocols Ethernet Type value but contain a badly formed PDU or an illegal value of Protocol Subtype Console show lacp internal Channel group 1 Oper Key 3 Admin Key 0 Eth 1 2 LACPDUs Internal 30 sec LACP System Priority 32768 LACP Port Priority 32768 Admin Key 3 Oper Key ...

Page 431: ...administrative changes or changes in received protocol information Collecting Collection of incoming frames on this link is enabled i e collection is currently enabled and is not expected to be disabled in the absence of administrative changes or changes in received protocol information Synchronization The System considers this link to be IN_SYNC i e it has been allocated to the correct Link Aggre...

Page 432: ...igned by the user Partner Oper System ID LAG partner s system ID assigned by the LACP protocol Partner Admin Port Number Current administrative value of the port number for the protocol Partner Partner Oper Port Number Operational port number assigned to this aggregation port by the port s protocol partner Port Admin Priority Current administrative value of the port priority for the protocol partn...

Page 433: ...A0 10 32768 00 30 F1 D4 73 A0 11 32768 00 30 F1 D4 73 A0 12 32768 00 30 F1 D4 73 A0 Table 4 51 show lacp sysid display description Field Description Channel group A link aggregation group configured on this switch System Priority LACP system priority for this channel group System MAC Address System MAC address The LACP system priority and system MAC address are concatenated to form the LAG system ...

Page 434: ...k unit Always unit 1 port Port number Range 1 30 port channel channel id Range 1 6 vlan id VLAN ID Range 1 4093 action delete on reset Assignment lasts until the switch is reset permanent Assignment is permanent Default Setting No static addresses are defined The default mode is permanent Command Mode Global Configuration mac address table aging time Sets the aging time of the address table GC 4 1...

Page 435: ...ddress is seen on another interface the address will be ignored and will not be written to the address table A static address cannot be learned on another port until the address is removed with the no form of this command Example clear mac address table dynamic This command removes any learned entries from the forwarding database and clears the transmit and receive counts for any static or system ...

Page 436: ...e Command Mode Privileged Exec Command Usage The MAC Address Table contains the MAC addresses associated with each interface Note that the Type field may include the following types Learned Dynamic address entries Permanent Static entry Delete on reset Static entry to be deleted when system is reset The mask should be hexadecimal numbers representing an equivalent bit mask in the form xx xx xx xx ...

Page 437: ...aging time seconds Aging time Range 10 1000000 seconds 0 to disable aging Default Setting 300 seconds Command Mode Global Configuration Command Usage The aging time is used to age out dynamically learned forwarding information Example Console show mac address table Interface Mac Address Vlan Type Eth 1 1 00 00 00 00 00 17 1 Learned Eth 1 1 00 E0 29 94 34 DE 1 Delete on reset Console Console config...

Page 438: ...3 Spanning Tree Commands Command Function Mode Page spanning tree Enables the spanning tree protocol GC 4 182 spanning tree mode Configures STP or RSTP mode GC 4 183 spanning tree forward time Configures the spanning tree bridge forward time GC 4 184 spanning tree hello time Configures the spanning tree bridge hello time GC 4 185 spanning tree max age Configures the spanning tree bridge maximum ag...

Page 439: ... IC 4 194 spanning tree port priority Configures the spanning tree priority of an interface IC 4 195 spanning tree edge port Enables fast forwarding for edge ports IC 4 196 spanning tree portfast Sets an interface to fast forwarding IC 4 197 spanning tree link type Configures the link type for RSTP IC 4 198 spanning tree mst cost Configures the priority of an instance in the MST IC 4 198 spanning ...

Page 440: ...ect and disable network loops and to provide backup links between switches bridges or routers This allows the switch to interact with other bridging devices that is an STA compliant switch bridge or router in your network to ensure that only one route exists between any two stations on the network and provide backup links which automatically take over when a primary link goes down Example This exa...

Page 441: ...creates one spanning tree instance for the entire network If multiple VLANs are implemented on a network the path between specific VLAN members may be inadvertently disabled to prevent network loops thus isolating group members When operating multiple VLANs we recommend selecting the MSTP option Rapid Spanning Tree Protocol RSTP supports connections to either STP or RSTP nodes by monitoring the in...

Page 442: ...LAN instance assignments Be careful when switching between spanning tree modes Changing modes stops all spanning tree instances for the previous mode and restarts the system in the new mode temporarily disrupting user traffic Example The following example configures the switch to use Rapid Spanning Tree spanning tree forward time This command configures the spanning tree bridge forward time global...

Page 443: ...ry data loops might result Example spanning tree hello time This command configures the spanning tree bridge hello time globally for this switch Use the no form to restore the default Syntax spanning tree hello time time no spanning tree hello time time Time in seconds Range 1 10 seconds The maximum value is the lower of 10 or max age 2 1 Default Setting 2 seconds Command Mode Global Configuration...

Page 444: ...Setting 20 seconds Command Mode Global Configuration Command Usage This command sets the maximum time in seconds a device can wait without receiving a configuration message before attempting to reconfigure All device ports except for designated ports should receive configuration messages at regular intervals Any port that ages out STA information provided in the last configuration message becomes ...

Page 445: ... is used in selecting the root device root port and designated port The device with the highest priority becomes the STA root device However if all devices have the same priority the device with the lowest MAC address will then become the root device Example spanning tree pathcost method This command configures the path cost method used for Rapid Spanning Tree and Multiple Spanning Tree Use the no...

Page 446: ...d to ports with slower media Note that path cost page 4 194 takes precedence over port priority page 4 195 Example spanning tree transmission limit This command configures the minimum interval between the transmission of consecutive RSTP MSTP BPDUs Use the no form to restore the default Syntax spanning tree transmission limit count no spanning tree transmission limit count The transmission limit i...

Page 447: ...riority 4 190 name 4 191 revision 4 192 max hops 4 193 mst vlan This command adds VLANs to a spanning tree instance Use the no form to remove the specified VLANs Using the no form without any VLAN parameters to remove all VLANs Syntax no mst instance_id vlan vlan range instance_id Instance identifier of the spanning tree Range 0 4094 vlan range Range of VLANs Range 1 4093 Default Setting None Cons...

Page 448: ...LANs which cover the same general area of your network However remember that you must configure all bridges within the same MSTI Region page 4 191 with the same set of instances and the same instance on each bridge with the same set of VLANs Also note that RSTP treats each MSTI region as a single node connecting all regions to the Common Spanning Tree Example mst priority This command configures t...

Page 449: ...device You can set this switch to act as the MSTI root device by specifying a priority of 0 or as the MSTI alternate device by specifying a priority of 16384 Example name This command configures the name for the multiple spanning tree region in which this switch is located Use the no form to clear the name Syntax name name name Name of the spanning tree Default Setting Switch s MAC address Command...

Page 450: ...the default Syntax revision number number Revision number of the spanning tree Range 0 65535 Default Setting 0 Command Mode MST Configuration Command Usage The MST region name page 4 191 and revision number are used to designate a unique MST region A bridge i e spanning tree compliant device such as this switch can only belong to one MST region And all bridges in the same region must be configured...

Page 451: ...s never changed However each spanning tree instance within a region and the internal spanning tree IST that connects these instances use a hop count to specify the maximum number of bridges that will propagate a BPDU Each bridge decrements the hop count by one before passing on the BPDU When the hop count reaches zero the message is dropped Example spanning tree spanning disabled This command disa...

Page 452: ...00 000 Default Setting Ethernet half duplex 2 000 000 full duplex 1 000 000 trunk 500 000 Fast Ethernet half duplex 200 000 full duplex 100 000 trunk 50 000 Gigabit Ethernet full duplex 10 000 trunk 5 000 Command Mode Interface Configuration Ethernet Port Channel Command Usage This command is used by the Spanning Tree Algorithm to determine the best path between devices Therefore lower values shou...

Page 453: ...erface Configuration Ethernet Port Channel Command Usage This command defines the priority for the use of a port in the Spanning Tree Algorithm If the path cost for all ports on a switch are the same the port with the highest priority that is lowest value will be configured as an active link in the spanning tree Where more than one port is assigned the highest priority the port with lowest numeric...

Page 454: ...state Specifying Edge Ports provides quicker convergence for devices such as workstations or servers retains the current forwarding database to reduce the amount of frame flooding required to rebuild address tables during reconfiguration events does not cause the spanning tree to initiate reconfiguration when the interface changes state and also overcomes other STA related timeout problems However...

Page 455: ...through the spanning tree state changes more quickly than allowed by standard convergence time Fast forwarding can achieve quicker convergence for end node workstations and servers and also overcome other STA related timeout problems Remember that fast forwarding should only be enabled for ports connected to a LAN segment that is at the end of a bridged LAN or for an end node device This command i...

Page 456: ...other bridge or a shared link if it can be connected to two or more bridges When automatic detection is selected the switch derives the link type from the duplex mode A full duplex interface is considered a point to point link while a half duplex interface is assumed to be on a shared link RSTP only works on point to point links between two bridges If you designate a port as a shared link RSTP is ...

Page 457: ... 0 is used to indicate auto configuration mode Ethernet half duplex 2 000 000 full duplex 1 000 000 trunk 500 000 Fast Ethernet half duplex 200 000 full duplex 100 000 trunk 50 000 Gigabit Ethernet full duplex 10 000 trunk 5 000 Command Mode Interface Configuration Ethernet Port Channel Command Usage Each spanning tree instance is associated with a unique set of VLAN IDs This command is used by th...

Page 458: ...ority Priority for an interface Range 0 240 in steps of 16 Default Setting 128 Command Mode Interface Configuration Ethernet Port Channel Command Usage This command defines the priority for the use of an interface in the multiple spanning tree If the path cost for all interfaces on a switch are the same the interface with the highest priority that is lowest value will be configured as an active li...

Page 459: ...ivileged Exec Command Usage If at any time the switch detects STP BPDUs including Configuration or Topology Change Notification BPDUs it will automatically set the selected interface to forced STP compatible mode However you can also use the spanning tree protocol migration command at any time to manually re check the appropriate BPDU format to send on the selected interfaces i e RSTP or STP compa...

Page 460: ...ge Use the show spanning tree command with no parameters to display the spanning tree configuration for the switch for the Common Spanning Tree CST and for every interface in the tree Use the show spanning tree interface command to display the spanning tree configuration for an interface within the Common Spanning Tree CST Use the show spanning tree mst instance_id command to display the spanning ...

Page 461: ... Current root cost 10000 Number of topology changes 1 Last topology changes time sec 21561 Transmission limit 3 Path Cost Method long Eth 1 1 information Admin status enabled Role root State forwarding External admin path cost 10000 Internal admin path cost 10000 External oper path cost 10000 Internal oper path cost 10000 Priority 128 Designated cost 0 Designated port 128 1 Designated root 32768 0...

Page 462: ...ic VLAN registration for the selected interface Console show spanning tree mst configuration Mstp Configuration Information Configuration name R D Revision level 0 Instance Vlans 1 2 Console Table 4 54 VLAN Commands Command Groups Function Page Editing VLAN Groups Sets up VLAN groups including name VID and state 4 205 Configuring VLAN Interfaces Configures VLAN interface parameters including ingre...

Page 463: ... the show vlan command Use the interface vlan command mode to define the port membership mode and add or remove ports from a VLAN The results of these commands are written to the running configuration file and you can display this file by entering the show running config command Example Related Commands show vlan 4 215 Table 4 55 Editing VLAN Groups Command Function Mode Page vlan database Enters ...

Page 464: ...ame vlan name ASCII string from 1 to 32 characters media ethernet Ethernet media type state Keyword to be followed by the VLAN state active VLAN is operational suspend VLAN is suspended Suspended VLANs do not pass packets Default Setting By default only VLAN 1 exists and is active Command Mode VLAN Database Configuration Command Usage no vlan vlan id deletes the VLAN no vlan vlan id name removes t...

Page 465: ...8 switchport mode Configures VLAN membership mode for an interface IC 4 208 switchport acceptable frame types Configures frame types to be accepted by an interface IC 4 209 switchport ingress filtering Enables ingress filtering on an interface IC 4 211 switchport native vlan Configures the PVID native VLAN of an interface IC 4 212 switchport allowed vlan Configures the VLANs associated with an int...

Page 466: ...interface configuration mode to VLAN 1 and then assign an IP address to the VLAN Related Commands shutdown 4 149 switchport mode This command configures the VLAN membership mode for a port Use the no form to restore the default Syntax switchport mode hybrid access no switchport mode hybrid Specifies a hybrid VLAN interface The port may transmit tagged or untagged frames access Specifies an access ...

Page 467: ...igures the acceptable frame types for a port Use the no form to restore the default Syntax switchport acceptable frame types all tagged no switchport acceptable frame types all The port accepts all frames tagged or untagged tagged The port only receives tagged frames Default Setting All frame types Command Mode Interface Configuration Ethernet Port Channel Command Usage When set to receive all fra...

Page 468: ... following example shows how to restrict the traffic received on port 1 to tagged frames Related Commands switchport mode 4 208 Console config interface ethernet 1 1 Console config if switchport acceptable frame types tagged Console config if ...

Page 469: ...ss filtering Default Setting Enabled Command Mode Interface Configuration Ethernet Port Channel Command Usage Ingress filtering only affects tagged frames With ingress filtering enabled a port will discard received frames tagged for VLANs for it which it is not a member Ingress filtering does not affect VLAN independent BPDU frames such as GVRP or STA However they do affect VLAN dependent BPDU fra...

Page 470: ...annel Command Usage Setting the native VLAN for a port can only be performed when the port is a member of the VLAN and the VLAN is untagged The no switchport native vlan command will set the native VLAN of the port to untagged VLAN 1 If acceptable frame types is set to all or switchport mode is set to hybrid the PVID will be inserted into all untagged frames entering the ingress port Example The f...

Page 471: ...t of VLAN identifiers to remove vlan list Separate nonconsecutive VLAN identifiers with a comma and no spaces use a hyphen to designate a range of IDs Do not enter leading zeros Range 1 4093 Default Setting All ports are assigned to VLAN 1 by default The default frame type is untagged Command Mode Interface Configuration Ethernet Port Channel Command Usage A port or a trunk with switchport mode se...

Page 472: ...e The following example shows how to add VLANs 1 2 5 and 6 to the allowed list as tagged VLANs for port 1 switchport forbidden vlan This command configures forbidden VLANs Use the no form to remove the list of forbidden VLANs Syntax switchport forbidden vlan add vlan list remove vlan list no switchport forbidden vlan add vlan list List of VLAN identifiers to add remove vlan list List of VLAN ident...

Page 473: ...show vlan id vlan id name vlan name id Keyword to be followed by the VLAN ID vlan id ID of the configured VLAN Range 1 4093 no leading zeroes name Keyword to be followed by the VLAN name vlan name ASCII string from 1 to 32 characters Console config interface ethernet 1 1 Console config if switchport forbidden vlan add 3 Console config if Table 4 57 Displaying VLAN Information Command Function Mode...

Page 474: ...ed VLANs on the other hand consist a single stand alone VLAN that contains one promiscuous port and one or more isolated or host ports In all cases the promiscuous ports are designed to provide open access to an external network such as the Internet while the community or isolated ports provide restricted access to local users Multiple primary VLANs can be configured on this switch and multiple co...

Page 475: ... VLAN 5 Use the switchport private vlan mapping command to assign a port to a primary VLAN Table 4 58 Private VLAN Commands Command Function Mode Page Edit Private VLAN Groups private vlan Adds or deletes primary community or isolated VLANs VC 4 218 private vlan association Associates a community VLAN with a primary VLAN VC 4 219 Configure Private VLAN Interfaces switchport mode private vlan Sets ...

Page 476: ...Use the show vlan private vlan command to verify your configuration settings private vlan Use this command to create a primary community or isolated private VLAN Use the no form to remove the specified private VLAN Syntax private vlan vlan id community primary isolated no private vlan vlan id vlan id ID of private VLAN Range 1 4093 no leading zeroes community A VLAN in which traffic is restricted ...

Page 477: ...as been assigned to a private VLAN it cannot be dynamically moved to another VLAN via GVRP Private VLAN ports cannot be set to trunked mode See switchport mode on page 208 Example private vlan association Use this command to associate a primary VLAN with a secondary i e community VLAN Use the no form to remove all associations for the specified primary VLAN Syntax private vlan primary vlan id asso...

Page 478: ...side of the primary VLAN via promiscuous ports Example switchport mode private vlan Use this command to set the private VLAN mode for an interface Use the no form to restore the default setting Syntax switchport mode private vlan host promiscuous no switchport mode private vlan host This port type can subsequently be assigned to a community or isolated VLAN promiscuous This port type can communica...

Page 479: ...t association Use this command to associate an interface with a secondary VLAN Use the no form to remove this association Syntax switchport private vlan host association secondary vlan id no switchport private vlan host association secondary vlan id ID of secondary i e community VLAN Range 1 4093 no leading zeroes Default Setting None Command Mode Interface Configuration Ethernet Port Channel Cons...

Page 480: ...vate vlan isolated isolated vlan id no switchport private vlan isolated isolated vlan id ID of isolated VLAN Range 1 4093 Default Setting None Command Mode Interface Configuration Ethernet Port Channel Command Usage Host ports assigned to a isolated VLAN cannot pass traffic between group members and must communicate with resources outside of the group via a promiscuous port Example Console config ...

Page 481: ... can communicate with any other promiscuous ports in the same VLAN and with the group members within any associated secondary VLANs Example show vlan private vlan Use this command to show the private VLAN configuration settings on this switch Syntax show vlan private vlan mapping community isolated primary community Displays all community VLANs along with their associated primary VLAN and assigned...

Page 482: ... describes how to enable GVRP for individual interfaces and globally for the switch as well as how to display default configuration settings for the Bridge Extension MIB Console show vlan private vlan Primary Secondary Type Interfaces 5 primary Eth1 3 5 6 community Eth1 4 Eth1 5 0 8 isolated Console Table 4 59 GVRP and Bridge Extension Commands Command Function Mode Page bridge ext gvrp Enables GV...

Page 483: ...hould be enabled to permit automatic VLAN registration and to support VLANs which extend beyond the local switch Example show bridge ext This command shows the configuration for bridge extension commands Default Setting None show gvrp configuration Displays GVRP configuration for the selected interface NE PE 4 227 garp timer Sets the GARP timer for the selected function IC 4 227 show garp timer Sh...

Page 484: ... enables GVRP for a port Use the no form to disable it Syntax no switchport gvrp Default Setting Disabled Command Mode Interface Configuration Ethernet Port Channel Console show bridge ext Max support VLAN numbers 256 Max support VLAN ID 4093 Extended multicast filtering services No Static entry individual port Yes VLAN learning IVL Configurable PVID tagging Yes Local VLAN capable No Traffic class...

Page 485: ...ific configuration Command Mode Normal Exec Privileged Exec Example garp timer This command sets the values for the join leave and leaveall timers Use the no form to restore the timers default values Syntax garp timer join leave leaveall timer_value no garp timer join leave leaveall join leave leaveall Which timer to set timer_value Value of timer Console config interface ethernet 1 1 Console conf...

Page 486: ...efault values for the GARP timers are independent of the media access method or data rate These values should not be changed unless you are experiencing difficulties with GMRP or GVRP registration deregistration Timer values are applied to GVRP for all the ports on all VLANs Timer values must meet the following restrictions leave 2 x join leaveall leave Note Set GVRP timers on all Layer 2 devices ...

Page 487: ...this section allow you to specify which data packets have greater precedence when traffic is buffered in the switch due to congestion This switch supports CoS with eight priority queues for each port Data packets in a port s high priority queue will be transmitted before those in the lower priority queues You can set the default priority for each interface the relative weight of each queue and the...

Page 488: ...lass of service values 4 237 Table 4 61 Priority Commands Layer 2 Command Function Mode Page queue mode Sets the queue mode to strict priority or Weighted Round Robin WRR GC 4 230 switchport priority default Sets a port priority for incoming untagged frames IC 4 230 queue bandwidth Assigns round robin weights to the priority queues GC 4 233 queue cos map Assigns class of service values to the prio...

Page 489: ...Robin WRR queuing that specifies a relative weight of each queue WRR uses a predefined relative weight for each queue that determines the percentage of service time the switch services each queue before moving on to the next queue This prevents the head of line blocking that can occur with strict priority queuing Example The following example sets the queue mode to strict priority service mode swi...

Page 490: ... be used This switch provides eight priority queues for each port It is configured to use Weighted Round Robin which can be viewed with the show queue bandwidth command Inbound frames that do not have VLAN tags are tagged with the input port s default ingress user priority and then placed in the appropriate priority queue at the output port The default priority for all ingress ports is zero Theref...

Page 491: ...sed by the WRR scheduler Range 1 15 Default Setting Weights 1 2 4 6 8 10 12 14 are assigned to queues 0 7 respectively Command Mode Interface Configuration Ethernet Port Channel Command Usage WRR controls bandwidth sharing at the egress port by defining scheduling weights Example This example shows how to assign WRR weights to each of the priority queues for port 5 Related Commands show queue band...

Page 492: ...oS value is a number from 0 to 7 where 7 is the highest priority Default Setting This switch supports Class of Service by using eight priority queues with Weighted Round Robin queuing for each port Eight separate traffic classes are defined in IEEE 802 1p The default priority levels are assigned according to recommendations in the IEEE 802 1p standard as shown below Command Mode Interface Configur...

Page 493: ...ue bandwidth This command displays the weighted round robin WRR bandwidth allocation for the eight priority queues Default Setting None Console config interface ethernet 1 1 Console config if queue cos map 0 0 Console config if queue cos map 1 1 Console config if queue cos map 2 2 Console config if exit Console show queue cos map ethernet 1 1 Information of Eth 1 1 Traffic Class 0 1 2 3 4 5 6 7 Pr...

Page 494: ...t unit port unit Stack unit Always unit 1 port Port number Range 1 30 port channel channel id Range 1 6 Default Setting None Command Mode Privileged Exec Example Console show queue bandwidth Information of Eth 1 1 Queue ID Weight 0 1 1 2 2 4 3 6 4 8 5 10 6 12 7 14 Console show queue cos map ethernet 1 1 Information of Eth 1 1 CoS Value 0 1 2 3 4 5 6 7 Priority Queue 2 0 1 3 4 5 6 7 Console ...

Page 495: ...chport priority Example The following example shows how to enable IP DSCP mapping globally Table 4 63 Priority Commands Layer 3 and 4 Command Function Mode Page map ip dscp Enables IP DSCP class of service mapping GC 4 237 map ip dscp Maps IP DSCP value to a class of service IC 4 238 map access list ip Sets the CoS value and corresponding output queue for packets matching an ACL rule IC 4 119 show...

Page 496: ...hat all the DSCP values that are not specified are mapped to CoS value 0 Command Mode Interface Configuration Ethernet Port Channel Command Usage The precedence for priority mapping is IP DSCP and default switchport priority DSCP priority values are mapped to default Class of Service values according to recommendations in the IEEE 802 1p standard and then subsequently mapped to the eight hardware ...

Page 497: ...d shows the IP DSCP priority map Syntax show map ip dscp interface interface ethernet unit port unit Stack unit Always unit 1 port Port number Range 1 30 port channel channel id Range 1 6 Default Setting None Command Mode Privileged Exec Console config interface ethernet 1 5 Console config if map ip dscp 1 cos 0 Console config if ...

Page 498: ...h router to ensure that it will continue to receive the multicast service Console show map ip dscp ethernet 1 1 DSCP mapping status disabled Port DSCP COS Eth 1 1 0 0 Eth 1 1 1 0 Eth 1 1 2 0 Eth 1 1 3 0 Eth 1 1 61 0 Eth 1 1 62 0 Eth 1 1 63 0 Console Table 4 65 Multicast Filtering Commands Command Groups Function Page IGMP Snooping Configures multicast groups via IGMP snooping or static assignment ...

Page 499: ...ping Table 4 66 IGMP Snooping Commands Command Function Mode Page ip igmp snooping Enables IGMP snooping GC 4 241 ip igmp snooping vlan static Adds an interface as a member of a multicast group GC 4 242 ip igmp snooping version Configures the IGMP version for snooping GC 4 243 show ip igmp snooping Shows the IGMP snooping and query configuration PE 4 243 show mac address table multicast Shows the ...

Page 500: ...n id VLAN ID Range 1 4093 ip address IP address for multicast group interface ethernet unit port unit Stack unit Always unit 1 port Port number Range 1 30 port channel channel id Range 1 6 Default Setting None Command Mode Global Configuration Example The following shows how to statically configure a multicast group on a port Console config ip igmp snooping vlan 1 static 224 0 0 12 ethernet 1 5 Co...

Page 501: ...ems on the subnet must support the same version If there are legacy devices in your network that only support Version 1 you will also have to configure this switch to use Version 1 Some commands are only enabled for IGMPv2 including ip igmp query max response time and ip igmp query timeout Example The following configures the switch to use IGMP Version 1 show ip igmp snooping This command shows th...

Page 502: ...t vlan vlan id user igmp snooping vlan id VLAN ID 1 to 4093 user Display only the user configured multicast entries igmp snooping Display only entries learned through IGMP snooping Default Setting None Command Mode Privileged Exec Command Usage Member types displayed include IGMP or USER depending on selected options Console show ip igmp snooping Service status Enabled Querier status Disabled Quer...

Page 503: ...show mac address table multicast vlan 1 igmp snooping VLAN M cast IP addr Member ports Type 1 224 1 2 3 Eth1 11 IGMP Console Table 4 67 IGMP Query Commands Layer 2 Command Function Mode Page ip igmp snooping querier Allows this device to act as the querier for IGMP snooping GC 4 245 ip igmp snooping query count Configures the query count GC 4 246 ip igmp snooping query interval Configures the quer...

Page 504: ...t group Range 2 10 Default Setting 2 times Command Mode Global Configuration Command Usage The query count defines how long the querier waits for a response from a multicast client before taking action If a querier has sent a number of queries defined by this command but a client has not responded a countdown timer is started using the time defined by ip igmp snooping query max response time If th...

Page 505: ...t query messages Range 60 125 Default Setting 125 seconds Command Mode Global Configuration Example The following shows how to configure the query interval to 100 seconds ip igmp snooping query max response time This command configures the query report delay Use the no form to restore the default Syntax ip igmp snooping query max response time seconds no ip igmp snooping query max response time se...

Page 506: ...nt is considered to have left the multicast group Example The following shows how to configure the maximum response time to 20 seconds Related Commands ip igmp snooping version 4 243 ip igmp snooping query max response time 4 247 ip igmp snooping router port expire time This command configures the query timeout Use the no form to restore the default Syntax ip igmp snooping router port expire time ...

Page 507: ...ng vlan mrouter This command statically configures a multicast router port Use the no form to remove the configuration Syntax no ip igmp snooping vlan vlan id mrouter interface vlan id VLAN ID Range 1 4093 interface ethernet unit port unit Stack unit Always unit 1 Console config ip igmp snooping router port expire time 300 Console config Table 4 68 Static Multicast Routing Commands Command Functio...

Page 508: ...u can manually configure that interface to join all the current multicast groups Example The following shows how to configure port 11 as a multicast router port within VLAN 1 show ip igmp snooping mrouter This command displays information on statically configured and dynamically learned multicast router ports Syntax show ip igmp snooping mrouter vlan vlan id vlan id VLAN ID Range 1 4093 Default Se...

Page 509: ...her devices that exist on another network segment Basic IP Configuration Console show ip igmp snooping mrouter vlan 1 VLAN M cast Router Ports Type 1 Eth 1 11 Static 2 Eth 1 12 Dynamic Console Table 4 69 IP Interface Commands Command Function Mode Page ip address Sets the IP address for the current interface IC 4 252 ip dhcp restart Submits a BOOTP or DCHP client request PE 4 253 ip default gatewa...

Page 510: ...y configure a specific IP address or direct the device to obtain an address from a BOOTP or DHCP server Valid IP addresses consist of four numbers 0 to 255 separated by periods Anything outside this format will not be accepted by the configuration program If you select the bootp or dhcp option IP is enabled but will not function until a BOOTP or DHCP reply has been received Requests will be broadc...

Page 511: ...CP client request Default Setting None Command Mode Privileged Exec Command Usage This command issues a BOOTP or DHCP client request for any IP interface that has been set to BOOTP or DHCP mode via the ip address command DHCP requires the server to reassign the client s last address if available If the BOOTP or DHCP server has been moved to a different domain the network portion of the address pro...

Page 512: ...P address of the default gateway Default Setting No static route is established Command Mode Global Configuration Command Usage A gateway must be defined if the management station is located in a different IP segment Example The following example defines a default gateway for this device Console config interface vlan 1 Console config if ip address dhcp Console config if exit Console ip dhcp restar...

Page 513: ...d shows the default gateway configured for this device Default Setting None Command Mode Privileged Exec Example Related Commands If the BOOTP or DHCP server has been moved to a different domain the network portion of the address provided to the client will be based on this new domain 4 253 Console show ip interface IP address and netmask 192 168 1 54 255 255 255 0 on VLAN 1 and address mode User ...

Page 514: ...Setting This command has no default for the host Command Mode Normal Exec Privileged Exec Command Usage Use the ping command to see if another site on the network can be reached Following are some results of the ping command Normal response The normal response occurs in one to ten seconds depending on network traffic Destination does not respond If the host does not respond a timeout appears in te...

Page 515: ...h can be configured to relay DHCP client configuration requests to a DHCP server on another network or you can configure this switch to provide DHCP service directly to any client Console ping 10 1 0 9 Type ESC to abort PING to 10 1 0 9 by 5 32 byte payload ICMP packets timeout is 5 seconds response time 10 ms response time 10 ms response time 10 ms response time 10 ms response time 0 ms Ping stat...

Page 516: ...fault domain name for incomplete host names GC 4 260 ip domain list Defines a list of default domain names for incomplete host names GC 4 260 ip name server Specifies the address of one or more name servers to use for host name to address translation GC 4 262 ip domain lookup Enables DNS based host name to address translation GC 4 263 show hosts Displays the static host name to address mapping tab...

Page 517: ...evice Example This example maps two address to a host name clear host This command deletes entries from the DNS table Syntax clear host name name Name of the host Range 1 64 characters Removes all entries Default Setting None Command Mode Privileged Exec Example This example clears all static entries from the DNS table Console config ip host rd5 192 168 1 55 10 1 0 55 Console config end Console sh...

Page 518: ...etting None Command Mode Global Configuration Example Related Commands ip domain list 4 260 ip name server 4 262 ip domain lookup 4 263 ip domain list This command defines a list of domain names that can be appended to incomplete host names i e host names passed from a client that are not formatted with dotted notation Use the no form to remove a name from this list Console config ip domain name s...

Page 519: ...checking with the specified name servers for a match If there is no domain list the domain name specified with the ip domain name command is used If there is a domain list the default domain name is not used Example This example adds two domain names to the current list and then displays the list Related Commands ip domain name 4 260 Console config ip domain list sample com jp Console config ip do...

Page 520: ...ame servers Default Setting None Command Mode Global Configuration Command Usage The listed name servers are queried in the specified sequence until a response is received or the end of the list is reached with no response Example This example adds two domain name servers to the list and then displays the list Related Commands ip domain name 4 260 Console config ip name server 192 168 1 55 10 1 0 ...

Page 521: ...erver must be specified before you can enable DNS If all name servers are deleted DNS will automatically be disabled Example This example enables DNS and then displays the configuration Related Commands ip domain name 4 260 ip name server 4 262 Console config ip domain lookup Console config end Console show dns Domain Lookup Status DNS enabled Default Domain Name sample com Domain Name List sample...

Page 522: ...igured entry show dns This command displays the configuration of the DNS server Command Mode Privileged Exec Example show dns cache This command displays entries in the DNS cache Command Mode Privileged Exec Console show hosts Hostname rd5 Inet address 10 1 0 55 192 168 1 55 Console Console show dns Domain Lookup Status DNS enabled Default Domain Name sample com Domain Name List sample com jp samp...

Page 523: ...4 CNAME 66 218 71 89 298 www yahoo akadns net 5 4 CNAME 66 218 71 86 298 www yahoo akadns net Console Table 4 71 Show DNS Output Description Field Description NO The entry number for each resource record FLAG The flag is always 4 indicating a cache entry and therefore unreliable TYPE This field includes CNAME which specifies the canonical or primary name for the owner IP The IP address associated ...

Page 524: ...COMMAND LINE INTERFACE 4 266 ...

Page 525: ...000 Mbps at full duplex 1000BASE SX LX LH 1000 Mbps at full duplex SFP 10GBASE LR SR 10 Gbps at full duplex Module Flow Control Full Duplex IEEE 802 3x Half Duplex Back pressure Broadcast Storm Control Traffic throttled above a critical threshold Port Mirroring One source ports one destination port Rate Limits Input Limit Port Trunking Static trunks Cisco EtherChannel compliant Dynamic trunks Link...

Page 526: ...nd Robin Queueing which can be configured by VLAN tag or port Layer 3 4 priority mapping IP DSCP Multicast Filtering IGMP Snooping Layer 2 Additional Features BOOTP client SNTP Simple Network Time Protocol SNMP Simple Network Management Protocol RMON Remote Monitoring groups 1 2 3 9 SMTP Email Alerts Management Features In Band Management Telnet Web based HTTP or HTTPS SNMP manager or Secure Shell...

Page 527: ... Tree Protocol IEEE 802 1X Port Authentication IEEE 802 3 2005 Ethernet Fast Ethernet Gigabit Ethernet Link Aggregation Control Protocol LACP Full duplex flow control ISO IEC 8802 3 IEEE 802 3ac VLAN tagging DHCP Client RFC 1541 HTTPS IGMP RFC 1112 IGMPv2 RFC 2236 RADIUS RFC 2618 RMON RFC 1757 groups 1 2 3 9 SNMP RFC 1157 SNMPv2c RFC 2571 SNMPv3 RFC DRAFT 3414 3410 2273 3411 3415 SNTP RFC 2030 SSH...

Page 528: ... Access Entity MIB IEEE 802 1X Port Access Entity Equipment MIB Private MIB RADIUS Authentication Client MIB RFC 2621 RMON MIB RFC 2819 RMON II Probe Configuration Group RFC 2021 partial implementation SNMPv2 IP MIB RFC 2011 SNMP Framework MIB RFC 3411 SNMP MPD MIB RFC 3412 SNMP Target MIB SNMP Notification MIB RFC 3413 SNMP User Based SM MIB RFC 3414 SNMP View Based ACM MIB RFC 3415 SNMP Communit...

Page 529: ... the VLAN interface through which the management station is connected with a valid IP address subnet mask and default gateway Be sure the management station has an IP address in the same subnet as the switch s IP interface to which it is connected If you are trying to connect to the switch via the IP address for a tagged VLAN group your management station and the ports connecting intermediate swit...

Page 530: ...p an account on the switch for each SSH user including user name authentication level and password Be sure you have imported the client s public key to the switch if public key authentication is used Cannot access the on board configuration program via a serial port connection Be sure you have set the terminal emulator program to VT100 compatible 8 data bits 1 stop bit no parity and the baud rate ...

Page 531: ...r messages reported to include all categories 3 Designate the SNMP host that is to receive the error messages 4 Repeat the sequence of commands or other actions that lead up to the error 5 Make a list of the commands or circumstances that led to the fault Also make a list of any error messages displayed 6 Contact your distributor s service engineer For example Console config logging on Console con...

Page 532: ...TROUBLESHOOTING B 4 ...

Page 533: ...hem in the appropriate output queue Data is transmitted from the queues using weighted round robin service to enforce priority service and prevent blockage of lower level queues Priority may be set according to the port default the packet s priority bit in the VLAN tag TCP UDP port number or DSCP priority bit Differentiated Services Code Point Service DSCP DSCP uses a six bit tag to provide for up...

Page 534: ...on Protocol GVRP Defines a way for switches to exchange VLAN information in order to register necessary VLAN members on ports along the Spanning Tree so that VLANs defined in each switch can work automatically over a Spanning Tree network Generic Attribute Registration Protocol GARP GARP is a protocol that can be used by endstations and switches to register and propagate multicast group membership...

Page 535: ...vice QoS in Ethernet networks The standard uses packet tags that define up to eight traffic classes and allows switches to transmit packets based on the tagged priority value IEEE 802 1s An IEEE standard for the Multiple Spanning Tree Protocol MSTP which provides independent spanning trees for VLAN groups IEEE 802 1X Port Authentication controls access to the switch ports by requiring users to fir...

Page 536: ...t Protocol IGMP A protocol through which hosts can register with their local router for multicast services If there is more than one multicast switch router on a given subnetwork one of the devices is made the querier and assumes responsibility for keeping track of group membership In Band Management Management of the network from a station attached directly to the network IP Multicast Filtering A...

Page 537: ...ction meaning that it takes a message and converts it into a fixed string of digits also called a message digest Multicast Switching A process whereby the switch filters incoming multicast frames for services for which no attached host has registered or forwards them to all ports contained within the designated multicast VLAN group Network Time Protocol NTP NTP provides the mechanisms to synchroni...

Page 538: ...s Remote Authentication Dial in User Service RADIUS RADIUS is a logon authentication protocol that uses software running on a central server to control access to RADIUS compliant devices on the network Remote Monitoring RMON RMON provides comprehensive network monitoring capabilities It eliminates the polling required in standard SNMP and can set alarms on a variety of traffic conditions including...

Page 539: ... Tree Protocol STP A technology that checks your network for any loops A loop can often occur in complicated or backup linked network systems Spanning Tree detects and directs data along the shortest available path maximizing the performance and efficiency of the network Telnet Defines a remote communication facility for interfacing to a terminal device over TCP IP Terminal Access Controller Acces...

Page 540: ...s that may be discarded before reaching their targets UDP is useful when TCP would be too complex too slow or just unnecessary Virtual LAN VLAN A Virtual LAN is a collection of network nodes that share the same collision domain regardless of their physical location or connection point in the network A VLAN serves as a logical workgroup with no physical barriers and allows users to share informatio...

Page 541: ...29 DSCP 3 194 3 196 4 237 layer 3 4 priorities 3 193 4 237 queue mapping 3 188 4 234 queue mode 3 191 4 230 traffic class weights 3 192 4 233 D default gateway configuration 3 18 4 254 default priority ingress port 3 187 4 231 default settings system 1 7 DHCP 3 20 4 252 client 3 18 dynamic configuration 2 7 Differentiated Code Point Service See DSCP downloading software 3 23 4 83 DSCP enabling 3 1...

Page 542: ...3 65 4 90 RADIUS client 3 67 4 93 RADIUS server 3 67 4 93 TACACS client 3 67 3 68 4 98 TACACS server 3 67 3 68 4 98 logon authentication sequence 3 69 4 91 4 92 M main menu 3 5 Management Information Bases MIBs A 3 mirror port configuring 3 123 4 158 MSTP global settings 3 153 multicast filtering 3 198 4 240 multicast groups 3 204 4 244 displaying 4 244 static 3 204 4 242 4 244 multicast services ...

Page 543: ...32 version 3 3 42 3 50 4 129 4 133 4 142 software displaying version 3 14 4 80 downloading 3 23 4 83 Spanning Tree Protocol See STA specifications software A 1 SSH configuring 3 74 4 48 4 49 STA 3 136 4 180 edge port 3 149 3 152 4 196 global settings configuring 3 141 4 182 4 188 global settings displaying 3 138 4 202 interface settings 3 146 3 157 3 159 4 201 4 202 4 204 link type 3 149 3 152 4 1...

Page 544: ...5 V VLANs 3 161 4 204 4 219 adding static members 3 170 3 172 4 213 creating 3 168 4 206 description 3 161 displaying basic information 3 165 4 225 displaying port members 3 166 4 215 egress mode 3 175 4 208 interface configuration 3 173 4 209 4 214 private 3 177 3 185 4 216 W Web interface access requirements 3 1 configuration buttons 3 4 home page 3 3 menu list 3 4 3 5 panel display 3 4 ...

Page 545: ......

Page 546: ...39 02 739 12 68 Fax 39 02 739 14 17 Benelux 31 0 654 776 790 Fax 31 0 172 242 393 Central Europe 49 0 89 92861 0 Fax 49 0 89 92861 230 Nordic and Baltics 46 0 566 622 83 Fax 45 0 566 622 86 Eastern Europe 420 266 794 421 Fax 420 266 794 423 Sub Saharian Africa 27 012 661 0232 Fax 34 93 471 3374 North West Africa 34 93 477 4920 Fax 34 93 477 3774 CIS 34 93 477 4920 Fax 34 93 477 3774 PRC 86 10 6235...

Reviews:

No comments

Related manuals for 8728L2 - annexe 1

Talkswitch switch Start Manual preview
switch
Brand: Talkswitch Pages: 17
3onedata TNS5500D Series Quick Start Manual preview
TNS5500D Series
Brand: 3onedata Pages: 5
3onedata IPS7112G-4GS-8GPOE Quick Installation Manual preview
IPS7112G-4GS-8GPOE
Brand: 3onedata Pages: 3
Cabletron Systems MMAC-Plus 9G426-02 Reference Manual preview
MMAC-Plus 9G426-02
Brand: Cabletron Systems Pages: 12
Cabletron Systems MMAC-Plus 9F310-02 Appendix preview
MMAC-Plus 9F310-02
Brand: Cabletron Systems Pages: 4
Cabletron Systems 9E423-36 Owner'S Manual preview
9E423-36
Brand: Cabletron Systems Pages: 16
cable matters 101065 Quick Start Manual preview
101065
Brand: cable matters Pages: 4
CableCreation CD0395 User Manual preview
CD0395
Brand: CableCreation Pages: 7
Edge-Core AS7726-32X Quick Start Manual preview
AS7726-32X
Brand: Edge-Core Pages: 9
Gefen 2X2 VGA SWITCHER User Manual preview
2X2 VGA SWITCHER
Brand: Gefen Pages: 12
hager WXT30 Series Manual preview
WXT30 Series
Brand: hager Pages: 4
Paugge ENT-MX20B16X16 User Manual preview
ENT-MX20B16X16
Brand: Paugge Pages: 20
Raritan SwitchMan USB-Combo SW2 Brochure preview
SwitchMan USB-Combo SW2
Brand: Raritan Pages: 2
UNICOM Smart-Switch/801 FEP-30109T-C User Manual preview
Smart-Switch/801 FEP-30109T-C
Brand: UNICOM Pages: 22
HighSecLabs SC21H-N Quick Setup Manual preview
SC21H-N
Brand: HighSecLabs Pages: 10
I-Rocks IR-4650 Quick Installation Manual preview
IR-4650
Brand: I-Rocks Pages: 18
Cabletron Systems SEHI-22FL User Manual preview
SEHI-22FL
Brand: Cabletron Systems Pages: 85
3onedata IES6300PRO Series Quick Installation Manual preview
IES6300PRO Series
Brand: 3onedata Pages: 5

Brands by name

Popular brands

Load more brands